CVE-2022-36427 – WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability
https://notcve.org/view.php?id=CVE-2022-36427
25 Aug 2022 — About Rentals plugin <= 1.5 at WordPress. ... The About Rentals plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when saving settings in versions up to, and including, 1.5. • https://patchstack.com/database/vulnerability/about-rentals/wordpress-about-rentals-plugin-1-5-missing-access-control-vulnerability/_s_id=cve • CWE-264: Permissions, Privileges, and Access Controls; CWE-862: Missing Authorization
CVE-2022-35726 – WordPress Video Gallery plugin <= 1.3.4.5 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-35726
22 Aug 2022 — Broken Authentication vulnerability in yotuwp Video Gallery plugin <= 1.3.4.5 at WordPress. The Video Gallery plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deletecache function in versions up to, and including, 1.3.8. • https://patchstack.com/database/vulnerability/yotuwp-easy-youtube-embed/wordpress-video-gallery-plugin-1-3-4-5-broken-authentication • CWE-287: Improper Authentication; CWE-862: Missing Authorization
CVE-2022-2433 – WordPress Infinite Scroll – Ajax Load More <= 5.5.3 - Cross-Site Request Forgery to PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2433
22 Aug 2022 — The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including, 5.5.3. ... • https://plugins.trac.wordpress.org/changeset/2772627/ajax-load-more/trunk/admin/admin.php • CWE-502: Deserialization of Untrusted Data
CVE-2022-1194 – Mobile Events Manager < 1.4.8 - Admin+ CSV Injection
https://notcve.org/view.php?id=CVE-2022-1194
17 Aug 2022 — The Mobile Events Manager WordPress plugin before 1.4.8 does not properly escape the Enquiry source field when exporting events, or the Paid for field when exporting transactions as CSV, leading to a CSV injection vulnerability. • https://wpscan.com/vulnerability/62be0991-f095-43cf-a167-3daaed254594 • CWE-1236: Improper Neutralization of Formula Elements in a CSV File
CVE-2022-36376 – WordPress Rank Math SEO plugin <= 1.0.95 - Server-Side Request Forgery (SSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-36376
12 Aug 2022 — Server-Side Request Forgery (SSRF) vulnerability in Rank Math SEO plugin <= 1.0.95 at WordPress. The Rank Math SEO plugin for WordPress is vulnerable to Server-Side Request Forgery in versions up to, and including, 1.0.95, due to insufficient user input validation. • https://patchstack.com/database/vulnerability/seo-by-rank-math/wordpress-rank-math-seo-plugin-1-0-95-server-side-request-forgery-ssrf-vulnerability/_s_id=cve • CWE-918: Server-Side Request Forgery (SSRF)
CVE-2022-36292 – WordPress Gallery PhotoBlocks plugin <= 1.2.6 - Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-36292
10 Aug 2022 — Cross-Site Request Forgery (CSRF) vulnerabilities in WPChill Gallery PhotoBlocks plugin <= 1.2.6 at WordPress. The Gallery PhotoBlocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. • https://patchstack.com/database/vulnerability/photoblocks-grid-gallery/wordpress-gallery-photoblocks-plugin-1-2-6-cross-site-request-forgery-csrf-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-2434 – String Locator <= 2.5.0 - Cross-Site Request Forgery to PHAR Deserialization
https://notcve.org/view.php?id=CVE-2022-2434
08 Aug 2022 — The String Locator plugin for WordPress is vulnerable to deserialization of untrusted input via the 'string-locator-path' parameter in versions up to, and including, 2.5.0. ... • https://plugins.trac.wordpress.org/browser/string-locator/trunk/editor.php#L59 • CWE-502: Deserialization of Untrusted Data
CVE-2022-34149 – WordPress WP OAuth Server plugin <= 3.0.4 - Authentication Bypass vulnerability
https://notcve.org/view.php?id=CVE-2022-34149
02 Aug 2022 — Authentication Bypass vulnerability in miniOrange WP OAuth Server plugin <= 3.0.4 at WordPress. The WP OAuth Server plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0.4. • https://patchstack.com/database/vulnerability/miniorange-oauth-20-server/wordpress-wp-oauth-server-plugin-3-0-4-authentication-bypass-vulnerability? • CWE-264: Permissions, Privileges, and Access Controls; CWE-287: Improper Authentication; CWE-288: Authentication Bypass Using an Alternate Path or Channel
CVE-2022-34347 – WordPress Download Manager plugin <= 3.2.48 - Cross-Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2022-34347
02 Aug 2022 — Cross-Site Request Forgery (CSRF) vulnerability in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. The Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.48. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-cross-site-request-forgery-csrf-vulnerability • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-36288 – WordPress Download Manager plugin <= 3.2.48 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
https://notcve.org/view.php?id=CVE-2022-36288
02 Aug 2022 — Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in W3 Eden Download Manager plugin <= 3.2.48 at WordPress. The Download Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.48. • https://patchstack.com/database/vulnerability/download-manager/wordpress-download-manager-plugin-3-2-48-multiple-cross-site-request-forgery-csrf-vulnerabilities • CWE-352: Cross-Site Request Forgery (CSRF)