CVE-2024-37444 – WordPress Defender plugin <= 4.7.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-37444
28 Jun 2024 — Missing Authorization vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.7.1. The Defender Security plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the clear_config_transient() function in versions up to, and including, 4.7.2. This makes it possible for unauthenticated attackers to clear config data. • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-plugin-4-7-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization
CVE-2024-25595 – WordPress Defender Security plugin <= 4.4.1 - IP Restriction Bypass vulnerability
https://notcve.org/view.php?id=CVE-2024-25595
12 Feb 2024 — Authentication Bypass by Spoofing vulnerability in WPMU DEV Defender Security allows Functionality Bypass. This issue affects Defender Security: from n/a through 4.4.1. The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to IP Address Spoofing in all... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-4-1-ip-restriction-bypass-vulnerability?_s_id=cve • CWE-290: Authentication Bypass by Spoofing • CWE-693: Protection Mechanism Failure
CVE-2023-51490 – WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-51490
27 Dec 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall. This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0. • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-4-1-0-sensitive-data-exposure-via-log-file-vulnerability?_s_id=cve • CWE-532: Insertion of Sensitive Information into Log File
CVE-2023-47189 – WordPress Defender Security plugin <= 4.2.0 - Masked Login Area View Bypass vulnerability
https://notcve.org/view.php?id=CVE-2023-47189
03 Nov 2023 — Improper Authentication vulnerability in WPMU DEV Defender Security allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Defender Security: from n/a through 4.2.0. The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vuln... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-securit-plugin-4-2-0-masked-login-area-view-bypass-vulnerability?_s_id=cve • CWE-287: Improper Authentication • CWE-693: Protection Mechanism Failure
CVE-2023-5089 – Defender Security < 4.1.0 - Protection Bypass (Hidden Login Page)
https://notcve.org/view.php?id=CVE-2023-5089
06 Sep 2023 — The Defender Security WordPress plugin before 4.1.0 does not prevent redirects to the login page via the auth_redirect WordPress function, allowing an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled. • https://github.com/Cappricio-Securities/CVE-2023-5089 • CWE-693: Protection Mechanism Failure
CVE-2022-44581 – WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability
https://notcve.org/view.php?id=CVE-2022-44581
23 Nov 2022 — Insecure Storage of Sensitive Information vulnerability in WPMU DEV Defender Security allows: Screen Temporary Files for Sensitive Information. This issue affects Defender Security: from n/a through 3.3.2. The Defender Security plugin for WordPress is vulnerable to Se... • https://patchstack.com/database/vulnerability/defender-security/wordpress-defender-security-plugin-3-3-2-broken-authentication-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-922: Insecure Storage of Sensitive Information
CVE-2021-4425 – Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass
https://notcve.org/view.php?id=CVE-2021-4425
01 Mar 2021 — The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • https://blog.nintechnet.com/25-wordpress-plugins-vulnerable-to-csrf-attacks • CWE-352: Cross-Site Request Forgery (CSRF)