
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

30 Sep 2024 — The Wechat Social login plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.3.0. ... • https://github.com/RandomRobbieBF/CVE-2024-9106 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Sep 2024 — The Wechat Social login plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'convert_remoteimage_to_local' function in versions up to, and including, 1.3.0. ... • https://plugins.trac.wordpress.org/browser/wechat-social-login/trunk/includes/social/class-xh-social-wp-api.php?rev=2111074#L39 • CWE-434: Unrestricted Upload of File with Dangerous Type

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Sep 2024 — The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 5.4.6. ... • https://codecanyon.net/item/echo-rss-feed-post-generator-plugin-for-wordpress/19486974 • CWE-269: Improper Privilege Management

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

30 Sep 2024 — The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 8.4.1. ... • https://codecanyon.net/item/wordpress-woocommerce-affiliate-program/23580333 • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 3

27 Sep 2024 — The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.16.1 via deserialization of untrusted input via several parameters like 'give_title' and 'card_address'. ... Proof of concept exploit for WordPress GiveWP plugin versions up to and including 3.16.1. • https://www.rcesecurity.com/2024/08/wordpress-givewp-pop-to-rce-cve-2024-5932 • CWE-502: Deserialization of Untrusted Data

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — The Jupiter X Core plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 4.7.5. • https://plugins.trac.wordpress.org/browser/jupiterx-core/trunk/includes/extensions/raven/includes/modules/forms/classes/social-login-handler/facebook.php • CWE-288: Authentication Bypass Using an Alternate Path or Channel

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — The Use Any Font plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.08. • https://patchstack.com/database/vulnerability/use-any-font/wordpress-use-any-font-plugin-6-3-08-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

25 Sep 2024 — The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.15.1. • https://patchstack.com/database/vulnerability/give/wordpress-givewp-donation-plugin-and-fundraising-platform-plugin-3-15-1-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Sep 2024 — The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.7.1 via the updateUserInfo() function, due to missing validation on the 'openid' user-controlled key that determines which user will be updated. • https://plugins.trac.wordpress.org/browser/rest-api-to-miniprogram/tags/4.7.0/includes/api/ram-rest-weixin-controller.php#L264 • CWE-639: Authorization Bypass Through User-Controlled Key

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Sep 2024 — The Vmax Project Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0. • https://patchstack.com/database/vulnerability/vmax-project-manager/wordpress-vmax-project-manager-plugin-1-0-local-file-inclusion-to-rce-vulnerability? • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')