CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-37444 – WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37444
28 Jun 2024 — Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.7.1. The Defender Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clear_config_transient() function in versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to clear config data. • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2024-25595 – WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-25595
12 Feb 2024 — Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass.This issue affects Defender Security: from n/a through 4.4.1. La vulnerabilidad de omisión de autenticación mediante suplantación de identidad en WPMU DEV Defender Security permite la omisión de funcionalidad. Este problema afecta a Defender Security: desde n/a hasta 4.4.1. The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to IP Address Spoofing in all... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-4-1-ip-restriction-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-47189 – WordPress Defender Security plugin <= 4.2.0 - Masked Login Area View Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-47189
03 Nov 2023 — Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Defender Security: from n/a through 4.2.0. Una vulnerabilidad de autenticación incorrecta en WPMU DEV Defender Security permite acceder a funciones que no están correctamente restringidas por las ACL. Este problema afecta a Defender Security: desde n/a hasta 4.2.0. The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vuln... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-securit-plugin-4-2-0-masked-login-area-view-bypass-vulnerability?_s_id=cve • CWE-287: Improper Authentication CWE-693: Protection Mechanism Failure •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-44581 – WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-44581
23 Nov 2022 — Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows : Screen Temporary Files for Sensitive Information.This issue affects Defender Security: from n/a through 3.3.2. La vulnerabilidad de almacenamiento inseguro de información confidencial en WPMU DEV Defender Security permite: examinar archivos temporales en busca de información confidencial. Este problema afecta a Defender Security: desde n/a hasta 3.3.2. The Defender Security plugin for WordPress is vulnerable to Se... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-3-3-2-broken-authentication-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-922: Insecure Storage of Sensitive Information •