|
307031
|
6.5 |
MEDIUM
Network
|
-
|
-
|
The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the edit_users c…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2023-7286
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307032
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce prot…
|
CWE-862
Missing Authorization
|
CVE-2022-4974
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307033
|
8.8 |
HIGH
Network
|
-
|
-
|
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form a…
|
CWE-862
Missing Authorization
|
CVE-2021-4447
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307034
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes i…
|
CWE-862
Missing Authorization
|
CVE-2021-4446
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307035
|
- |
|
-
|
-
|
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes i…
|
CWE-862
Missing Authorization
|
CVE-2021-4444
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307036
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentic…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-4443
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307037
|
8.3 |
HIGH
Network
|
-
|
-
|
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. …
|
CWE-352
Origin Validation Error
|
CVE-2020-36839
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307038
|
7.4 |
HIGH
Network
|
-
|
-
|
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw …
|
CWE-284
Improper Access Control
|
CVE-2020-36838
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307039
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2020-36837
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307040
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on var…
|
CWE-862
Missing Authorization
|
CVE-2020-36834
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
