Page 3 of 20 results (0.005 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

Authenticated Database Reset vulnerability in WordPress WP Reset PRO Premium plugin (versions <= 5.98) allows any authenticated user to wipe the entire database regardless of their authorization. It leads to a complete website reset and takeover. Una vulnerabilidad de restablecimiento de la base de datos autenticada en el plugin WP Reset PRO Premium de WordPress (versiones anteriores a 5.98 incluyéndola) permite a cualquier usuario autenticado borrar toda la base de datos independientemente de su autorización. Conlleva a un restablecimiento completo del sitio web y a la toma de posesión. • https://patchstack.com/database/vulnerability/wp-reset/wordpress-wp-reset-pro-premium-plugin-5-98-authenticated-database-reset-vulnerability https://patchstack.com/wp-reset-pro-critical-vulnerability-fixed https://wpreset.com/changelog • CWE-284: Improper Access Control CWE-862: Missing Authorization •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

The Maintenance WordPress plugin before 4.03 does not sanitise or escape some of its settings, allowing high privilege users such as admin to se Cross-Site Scripting payload in them (even when the unfiltered_html capability is disallowed), which will be triggered in the frontend El plugin de WordPress Maintenance versiones anteriores a 4.03, no sanea o escapa de algunas de sus configuraciones, permitiendo a usuarios con altos privilegios, como los administradores, ver en ellas cargas útiles de tipo Cross-Site Scripting (incluso cuando la capacidad unfiltered_html está deshabilitada), que serán desencadenadas en el frontend. • https://wpscan.com/vulnerability/174b2119-b806-4da4-a23d-c19b552c86cb • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 1

The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue El plugin de WordPress WP Reset - Most Advanced WordPress Reset Tool versiones anteriores a 1.90, no saneaba o escapaba de su parámetro extra_data cuando se crea una instantánea por medio del panel de administración, conllevando a un problema de tipo Cross-Site Scripting Almacenado autenticado • https://m0ze.ru/vulnerability/%5B2021-05-26%5D-%5BWordPress%5D-%5BCWE-79%5D-WP-Reset-WordPress-Plugin-v1.86.txt https://wpscan.com/vulnerability/90cf8f9d-4d37-405d-b161-239bdb281828 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0

Unvaludated input in the 301 Redirects - Easy Redirect Manager WordPress plugin, versions before 2.51, did not sanitise its "Redirect From" column when importing a CSV file, allowing high privilege users to perform SQL injections. Una entrada no valorada en el plugin de WordPress 301 Redirects - Easy Redirect Manager, versiones anteriores a 2.51, no saneaba su columna "Redirect From" cuando se importa un archivo CSV, permitiendo a usuarios muy privilegiado llevar a cabo inyecciones SQL • https://wpscan.com/vulnerability/19800898-d7b6-4edd-887b-dac3c0597f14 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 1

The WordPress plugin, WP Database Reset through 3.1, contains a flaw that gave any authenticated user, with minimal permissions, the ability (with a simple wp-admin/admin.php?db-reset-tables[]=users request) to escalate their privileges to administrator while dropping all other users from the table. El plugin de WordPress, WP Database Reset versiones hasta 3.1, contiene un fallo que otorgó a cualquier usuario autenticado, con permisos mínimos, la capacidad (con una petición simple wp-admin/admin.php?db-reset-tables[]=users) para escalar sus privilegios a administrador mientras elimina a todos los otros usuarios de la tabla. • https://wordpress.org/plugins/wordpress-database-reset/#developers https://wpvulndb.com/vulnerabilities/10028 https://www.wordfence.com/blog/2020/01/easily-exploitable-vulnerabilities-patched-in-wp-database-reset-plugin • CWE-269: Improper Privilege Management •