| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ProfileGrid – User Profiles, Groups and Communities plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 5.9.9.5. This is due to the plugin not validating a `user_login` on registration forms that don't contain this parameter, and not properly handling the error messages. This makes it possible for unauthenticated attackers to change email address of user account with ID=1 (usually an administrator), and leverage that to reset the user's password and gain access to their account. |
| The MIR blocks and shortcodes plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'title' attribute (and other attributes such as 'ready_animation_text') of the 'msc_stats' shortcode in versions up to, and including, 1.0.0. This is due to insufficient input sanitization and output escaping on user supplied shortcode attributes inside the msc_stats() rendering function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. |
| Unauthenticated Broken Access Control in Japanized For WooCommerce <= 2.9.12 versions. |
| Subscriber Broken Access Control in MainWP <= 6.1.1 versions. |
| Subscriber Broken Access Control in Wallet System for WooCommerce <= 2.7.6 versions. |
| Unauthenticated Cross Site Scripting (XSS) in BEAR <= 1.1.8 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Landing Page Builder <= 1.5.3.5 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Link Whisper Free <= 0.9.4 versions. |
| Unauthenticated Broken Access Control in WP User Frontend <= 4.3.7 versions. |
| Unauthenticated Cross Site Scripting (XSS) in Jobify <= 4.3.2 versions. |
| Unauthenticated Cross Site Scripting (XSS) in ARForms <= 7.1.2 versions. |
| The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server. |
| The YMC Filter WordPress plugin before 3.11.3 does not properly authorize access to one of its REST API endpoints and does not validate a user-supplied query parameter, allowing unauthenticated attackers to retrieve the titles and content of private, draft, and other non-public posts. |
| The SALESmanago & Leadoo WordPress plugin before 3.11.3 does not properly sanitise and escape a parameter passed to one of its AJAX actions before using it in a SQL statement, and fails to enforce authorisation on that action, allowing authenticated users with minimal permissions, such as subscribers, to perform SQL injection attacks. |
| Contributor Broken Access Control in Forget About Shortcode Buttons <= 2.1.3 versions. |
| Subscriber Broken Access Control in Restaurant Menu by MotoPress <= 2.4.11 versions. |
| Contributor Broken Access Control in Live Copy Paste for Elementor <= 1.5.3 versions. |
| Unauthenticated Broken Access Control in Donation Thermometer <= 2.2.7 versions. |
| Unauthenticated Content Injection in Auros Core <= 5.3.1 versions. |
| Unauthenticated Insecure Direct Object References (IDOR) in BookPro <= 1.1.0 versions. |
