|
251851
|
8.3 |
HIGH
Network
|
-
|
-
|
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. …
|
CWE-352
Origin Validation Error
|
CVE-2020-36839
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251852
|
7.4 |
HIGH
Network
|
-
|
-
|
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw …
|
CWE-284
Improper Access Control
|
CVE-2020-36838
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251853
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2020-36837
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251854
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on var…
|
CWE-862
Missing Authorization
|
CVE-2020-36834
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251855
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authent…
|
CWE-862
Missing Authorization
|
CVE-2020-36833
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251856
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login a…
|
CWE-287
Improper Authentication
|
CVE-2020-36832
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251857
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in vers…
|
CWE-284
Improper Access Control
|
CVE-2020-36831
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251858
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect…
|
CWE-862
Missing Authorization
|
CVE-2019-25217
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251859
|
7.2 |
HIGH
Network
|
-
|
-
|
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25216
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
251860
|
7.3 |
HIGH
Network
|
-
|
-
|
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This make…
|
CWE-862
Missing Authorization
|
CVE-2019-25215
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
