CVE-2023-27456 – WordPress Total theme <= 2.1.19 - Authenticated Arbitrary Plugin Activation
https://notcve.org/view.php?id=CVE-2023-27456
01 Mar 2023 — Missing Authorization vulnerability in HashThemes Total allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Total: from n/a through 2.1.19. The Total theme for WordPress is vulnerable to Plugin Activation due to insufficient capability and nonce checks on the 'activate_plugin' function in versions up to, and including, 2.1.19. This allows any authenticated attacker with subscriber-level capabilities or greater to activate arbitrary plugins already installed on the site... • https://patchstack.com/database/wordpress/theme/total/vulnerability/wordpress-total-theme-2-1-19-authenticated-arbitrary-plugin-activation?_s_id=cve • CWE-862: Missing Authorization •
CVE-2022-3096 – WP Total Hacks <= 4.7.2 - Subscriber+ Arbitrary Options Update to Stored XSS
https://notcve.org/view.php?id=CVE-2022-3096
10 Oct 2022 — The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings. This could allow users such as subscribers to perform Stored Cross-Site Scripting attacks against other users, like administrators, due to the lack of sanitisation and escaping as well. • https://wpscan.com/vulnerability/46996537-a874-4b2e-9cd7-7d0832f9704d • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') CWE-862: Missing Authorization •
CVE-2007-0263
https://notcve.org/view.php?id=CVE-2007-0263
16 Jan 2007 — Unspecified vulnerability in Total Commander before 6.5.6 allows user-assisted remote attackers to delete arbitrary files and corrupt a filesystem via a crafted RAR file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. • http://osvdb.org/39837 •