
CVE-2022-40700 – Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
https://notcve.org/view.php?id=CVE-2022-40700
03 Mar 2023 — Server-Side Request Forgery (SSRF) vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress and WooCommerce, Long Watch Studio WooSupply – Suppliers, Supply Orders and Stock Management, Squidesma Theme Minifier, Paul Clark Styles styles, Designmodo Inc. WordPress Page Builder – Qards, Philip M. Hofer (Fru... • https://patchstack.com/database/vulnerability/admin-css-mu/wordpress-admin-css-mu-plugin-2-6-server-side-request-forgery-ssrf-vulnerability?_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF) •

CVE-2018-20156 – WP Maintenance Mode <= 2.0.6 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-20156
14 Dec 2018 — The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated "site administrator" users to execute arbitrary PHP code throughout a multisite network. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-20: Improper Input Validation •

CVE-2017-18598 – Qards (All Versions) - Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2017-18598
11 Oct 2017 — The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. • https://wpvulndb.com/vulnerabilities/8934 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVE-2018-20155 – WP Maintenance Mode <= 2.0.6 - Missing Authorization
https://notcve.org/view.php?id=CVE-2018-20155
06 Jul 2016 — The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-862: Missing Authorization •

CVE-2018-20154 – WP Maintenance Mode <= 2.0.6 - Authenticated Information Disclosure
https://notcve.org/view.php?id=CVE-2018-20154
06 Jul 2016 — The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated users to discover all subscriber e-mail addresses. • https://www.wordfence.com/blog/2016/07/3-vulnerabilities-wp-maintenance-mode • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •