
CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. • https://patchstack.com/database/vulnerability/eroom-zoom-meetings-webinar/wordpress-eroom-plugin-1-3-8-cross-site-request-forgery-csrf-vulnerability-leading-to-cache-deletion https://wordpress.org/plugins/eroom-zoom-meetings-webinar/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 4.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. • https://patchstack.com/database/vulnerability/eroom-zoom-meetings-webinar/wordpress-eroom-plugin-1-3-7-cross-site-request-forgery-csrf-leading-to-sync-with-zoom-meetings-vulnerability https://wordpress.org/plugins/eroom-zoom-meetings-webinar/#developers • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 9.8 • EPSS: 29% • CPEs: 1 • EXPL: 5

The MasterStudy LMS WordPress plugin before 2.7.6 does not validate some parameters given when registering a new account, allowing unauthenticated users to register as an admin. MasterStudy LMS, a WordPress plugin, prior to 2.7.6 is affected by a privilege escalation where an unauthenticated user is able to create an administrator account for WordPress itself. • https://www.exploit-db.com/exploits/50752 https://github.com/biulove0x/CVE-2022-0441 https://github.com/tegal1337/CVE-2022-0441 https://github.com/kyukazamiqq/CVE-2022-0441 https://plugins.trac.wordpress.org/changeset/2667195 https://wpscan.com/vulnerability/173c2efe-ee9c-4539-852f-c242b4f728ed https://gist.github.com/numanturle/4762b497d3b56f1a399ea69aa02522a6 • CWE-269: Improper Privilege Management

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

The uListing plugin for WordPress is vulnerable to generic SQL Injection via the ‘listing_id’ parameter in versions up to, and including, 1.6.6 due to insufficient escaping on the user-supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database. • https://blog.nintechnet.com/wordpress-ulisting-plugin-fixed-multiple-critical-vulnerabilities https://www.wordfence.com/threat-intel/vulnerabilities/id/10b7a88f-ce46-42aa-ab5a-81f38288a659?source=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 1

Unauthenticated Privilege Escalation vulnerability in WordPress uListing plugin (versions <= 2.0.5). Possible if WordPress configuration allows user registration. • https://patchstack.com/database/vulnerability/ulisting/wordpress-ulisting-plugin-2-0-5-unauthenticated-privilege-escalation-vulnerability https://wordpress.org/plugins/ulisting/#developers • CWE-264: Permissions, Privileges, and Access Controls CWE-269: Improper Privilege Management