3 matches found
CVE-2022-38058
WP Shamsi plugin for WordPress is affected up to version 4.1.1 by an authenticated settings-change vulnerability. The root cause is missing authorization checks on plugin settings changes, allowing a subscriber+ to modify settings. Remediation: update to a version greater than 4.1.1 (Patch guidan...
CVE-2023-0335
The CVE-2023-0335 entry concerns the WP Shamsi WordPress plugin (versions up to 4.3.3). The connected sources confirm CSRF and broken access control vulnerabilities that allow a user with as little as Subscriber privileges to delete attachments. The underlying issue is a lack of CSRF validation a...
CVE-2022-4555
The CVE-2022-4555 issue affects the WP Shamsi WordPress plugin (