
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

26 Aug 2024 — Missing Authorization vulnerability in LWS LWS Affiliation allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects LWS Affiliation: from n/a through 2.3.4. The LWS Affiliation plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.3.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-3-3-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization

CVSS: 6.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

29 Mar 2024 — Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Optimize. This issue affects LWS Optimize: from n/a through 1.9.1. The LWS Optimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on several functions. • https://patchstack.com/database/vulnerability/lws-optimize/wordpress-lws-optimize-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Nov 2023 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in LWS LWS Hide Login allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects LWS Hide Login: from n/a through 2.1.8. The LWS Hide Login plugin for WordPress is vulnerable to... • https://patchstack.com/database/vulnerability/lws-hide-login/wordpress-lws-hide-login-plugin-2-1-8-secret-login-page-location-disclosure-on-multisites-vulnerability?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor • CWE-693: Protection Mechanism Failure

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

24 Jul 2023 — Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LWS LWS Affiliation allows PHP Local File Inclusion. This issue affects LWS Affiliation: from n/a through 2.2.6. The LWS Affiliation plugin for WordPress is vulnerable to Remot... • https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions. The LWS Tools plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Request Forgery (CSRF) vulnerabi... • https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-4-1-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

16 Jun 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions. The LWS Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Cross-Site Request Forgery (CSRF) vulnerabi... • https://patchstack.com/database/vulnerability/lws-cleaner/wordpress-lws-cleaner-plugin-2-3-0-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

31 May 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Hide Login plugin <= 2.1.6 versions. The LWS Hide Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.6. This is due to missing nonce validation on several of its functions such as lws_hl_create_page() and lws_hl_create_page_network(). This makes it possible for unauthenticated at... • https://patchstack.com/database/vulnerability/lws-hide-login/wordpress-lws-hide-login-plugin-2-1-5-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.3.1 versions. The LWS Tools plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on 'lws_tk_create_page' function and several AJAX actions. This makes it possible for unauthenticated attackers to modify the database pref... • https://patchstack.com/database/vulnerability/lws-tools/wordpress-lws-tools-plugin-2-3-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)