The Nifty Newsletters WordPress plugin is vulnerable to Cross-Site Request Forgery via the sola_nl_wp_head function found in the ~/sola-newsletters.php file which allows attackers to inject arbitrary web scripts, in versions up to and including...
8.8CVSS
8.5AI Score
0.001EPSS
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant...
5.4CVSS
5.6AI Score
0.001EPSS