|
314811
|
5.0 |
MEDIUM
Network
|
-
|
-
|
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in vers…
|
CWE-284
Improper Access Control
|
CVE-2020-36831
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314812
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect…
|
CWE-862
Missing Authorization
|
CVE-2019-25217
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314813
|
7.2 |
HIGH
Network
|
-
|
-
|
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization a…
|
CWE-79
Cross-site Scripting
|
CVE-2019-25216
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314814
|
7.3 |
HIGH
Network
|
-
|
-
|
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This make…
|
CWE-862
Missing Authorization
|
CVE-2019-25215
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314815
|
7.2 |
HIGH
Network
|
-
|
-
|
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for …
|
CWE-862
Missing Authorization
|
CVE-2019-25214
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314816
|
8.3 |
HIGH
Network
|
-
|
-
|
The Formidable Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters submitted during form entries like 'after_html' in versions before 2.05.03 due to…
|
CWE-79
Cross-site Scripting
|
CVE-2017-20192
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314817
|
7.2 |
HIGH
Network
|
-
|
-
|
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter…
|
-
|
CVE-2016-15041
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314818
|
- |
|
-
|
-
|
The Kento Post View Counter plugin for WordPress is vulnerable to SQL Injection via the 'kento_pvc_geo' parameter in versions up to, and including, 2.8 due to insufficient escaping on the user suppli…
|
CWE-89
SQL Injection
|
CVE-2016-15040
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314819
|
8.3 |
HIGH
Network
|
-
|
-
|
The Mapplic and Mapplic Lite plugins for WordPress are vulnerable to Server-Side Request Forgery in versions up to, and including 6.1, 1.0 respectively. This makes it possible for attackers to forger…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2012-10018
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314820
|
- |
|
-
|
-
|
The Community by PeepSo – Social Network, Membership, Registration, User Profiles, Premium – Mobile App plugin for WordPress is vulnerable to Stored Cross-Site Scripting via URLs in posts, comments, …
|
CWE-79
Cross-site Scripting
|
CVE-2024-9873
|
2024-10-16 15:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
