Search Results (366859 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2022-4937 1 Wclovers 1 Frontend Manager For Woocommerce Along With Bookings Subscription Listings Compatible 2025-01-13 6.3 Medium
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as subscribers, to perform a wide variety of actions such as modifying knowledge bases, modifying notices, modifying payments, managing vendors, capabilities, and so much more. There were hundreds of AJAX endpoints affected.
CVE-2023-29101 1 Muffingroup 1 Betheme 2025-01-13 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Muffingroup Betheme theme <= 26.7.5 versions.
CVE-2023-2549 1 Featherplugins 1 Feather Login Page 2025-01-13 8.8 High
The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a new user with administrator role via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can leverage CVE-2023-2545 to get the login link or request a password reset to the new user's email address.
CVE-2023-2547 1 Featherplugins 1 Feather Login Page 2025-01-13 5.4 Medium
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete the temp user generated by the plugin.
CVE-2023-2545 1 Featherplugins 1 Feather Login Page 2025-01-13 8.1 High
The Feather Login Page plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'getListOfUsers' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to access the login links, which can be used for privilege escalation.
CVE-2022-30544 1 Hyumika 1 Openstreetmap 2025-01-13 4.3 Medium
Cross-Site Request Forgery (CSRF) in MiKa's OSM – OpenStreetMap plugin <= 6.0.1 versions.
CVE-2022-40697 1 3commarketing 1 3com-asesor-de-cookies 2025-01-13 4.8 Medium
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in 3com – Asesor de Cookies para normativa española plugin <= 3.4.3 versions.
CVE-2023-22721 1 Oi Yandex.maps Project 1 Oi Yandex.maps 2025-01-13 6.5 Medium
Auth. Stored Cross-Site Scripting (XSS) in Oi Yandex.Maps for WordPress <= 3.2.7 versions.
CVE-2023-23687 1 Youtube Shortcode Project 1 Youtube Shortcode 2025-01-13 6.5 Medium
Auth. Stored Cross-Site Scripting (XSS) vulnerability in Youtube shortcode <= 1.8.5 versions.
CVE-2022-45820 1 Thimpress 1 Learnpress 2025-01-13 9.1 Critical
SQL Injection (SQLi) vulnerability in LearnPress – WordPress LMS Plugin <= 4.1.7.3.2 versions.
CVE-2022-36401 1 Standalonetech 1 Terawallet 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in TeraWallet – For WooCommerce plugin <= 1.3.24 versions.
CVE-2022-44585 1 Magneticlab 1 Homepage Pop-up 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.
CVE-2022-27628 1 Wzone Project 1 Wzone 2025-01-13 4.7 Medium
Cross-Site Request Forgery (CSRF) vulnerability in AA-Team WZone – Lite Version plugin 3.1 Lite versions.
CVE-2022-29416 1 Afterpay 1 Afterpay Gateway For Woocommerce 2025-01-13 4.7 Medium
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Afterpay Gateway for WooCommerce <= 3.5.0 versions.
CVE-2022-41134 1 Optinly 1 Optinly 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) in OptinlyHQ Optinly – Exit Intent, Newsletter Popups, Gamification & Opt-in Forms plugin <= 1.0.15 versions.
CVE-2022-43469 1 Orchestrated 1 Corona Virus \(covid-19\) Banner \& Live Data 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Orchestrated Corona Virus (COVID-19) Banner & Live Data plugin <= 1.7.0.6 versions.
CVE-2023-25066 1 Foliovision 1 Fv Flowplayer Video Player 2025-01-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in FolioVision FV Flowplayer Video Player plugin <= 7.5.30.7212 versions.
CVE-2023-25065 1 Shapedplugin 1 Wp Tabs 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions.
CVE-2022-46862 1 Expresstech 1 Quiz And Survey Master 2025-01-13 4.3 Medium
Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.7 versions.
CVE-2023-24382 1 Material Design Icons For Page Builders Project 1 Material Design Icons For Page Builders 2025-01-13 5.4 Medium
Cross-Site Request Forgery (CSRF) vulnerability in Photon WP Material Design Icons for Page Builders plugin <= 1.4.2 versions.