CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-23776 – WordPress Cache Sniper for Nginx plugin <= 1.0.4.2 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2025-23776
16 Jan 2025 — Missing Authorization vulnerability in Thorn Technologies LLC Cache Sniper for Nginx allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cache Sniper for Nginx: from n/a through 1.0.4.2. The Cache Sniper for Nginx plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform an ... • https://patchstack.com/database/wordpress/plugin/snipe-nginx-cache/vulnerability/wordpress-cache-sniper-for-nginx-plugin-1-0-4-2-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-56236 – WordPress Hestia Nginx Cache plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-56236
30 Dec 2024 — Missing Authorization vulnerability in Jakob Bouchard Hestia Nginx Cache allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hestia Nginx Cache: from n/a through 2.4.0. The Hestia Nginx Cache plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the purge() function in versions up to, and including, 2.4.0. This makes it possible for unauthenticated attackers to purge cache. • https://patchstack.com/database/wordpress/plugin/hestia-nginx-cache/vulnerability/wordpress-hestia-nginx-cache-plugin-2-4-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 6.5EPSS: 1%CPEs: 285EXPL: 2CVE-2009-3898 – Nginx 0.7.61 - WebDAV Directory Traversal
https://notcve.org/view.php?id=CVE-2009-3898
24 Nov 2009 — Directory traversal vulnerability in src/http/modules/ngx_http_dav_module.c in nginx (aka Engine X) before 0.7.63, and 0.8.x before 0.8.17, allows remote authenticated users to create or overwrite arbitrary files via a .. (dot dot) in the Destination HTTP header for the WebDAV (1) COPY or (2) MOVE method. Vulnerabilidad de salto de directorio en src/http/modules/ngx_http_dav_module.c en nginx (como Engine X) anterior v0.7.63, y v0.8.x anterior v0.8.17, permite a usuarios autentificados remotamente crear y s... • https://www.exploit-db.com/exploits/9829 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 2%CPEs: 283EXPL: 2CVE-2009-3896
https://notcve.org/view.php?id=CVE-2009-3896
24 Nov 2009 — src/http/ngx_http_parse.c in nginx (aka Engine X) 0.1.0 through 0.4.14, 0.5.x before 0.5.38, 0.6.x before 0.6.39, 0.7.x before 0.7.62, and 0.8.x before 0.8.14 allows remote attackers to cause a denial of service (NULL pointer dereference and worker process crash) via a long URI. src/http/ngx_http_parse.c en nginx (como Engine X) v0.1.0 hasta v0.4.14, v0.5.x anterior v0.5.38, v0.6.x anterior v0.6.39, v0.7.x anterior v0.7.62, y v0.8.x anterior 0.8.14 permite a atacantes remotos causar una denegación de servic... • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=552035 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •