|
307041
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authent…
|
CWE-862
Missing Authorization
|
CVE-2020-36833
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307042
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login a…
|
CWE-287
Improper Authentication
|
CVE-2020-36832
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307043
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in vers…
|
CWE-284
Improper Access Control
|
CVE-2020-36831
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307044
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect…
|
CWE-862
Missing Authorization
|
CVE-2019-25217
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307045
|
7.2 |
HIGH
Network
|
-
|
-
|
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25216
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307046
|
7.3 |
HIGH
Network
|
-
|
-
|
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This make…
|
CWE-862
Missing Authorization
|
CVE-2019-25215
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307047
|
7.2 |
HIGH
Network
|
-
|
-
|
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for …
|
CWE-862
Missing Authorization
|
CVE-2019-25214
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307048
|
8.3 |
HIGH
Network
|
-
|
-
|
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2017-20192
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307049
|
7.2 |
HIGH
Network
|
-
|
-
|
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter…
|
-
|
CVE-2016-15041
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
307050
|
- |
|
-
|
-
|
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user suppli…
|
CWE-89
SQL Injection
|
CVE-2016-15040
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
