|
314801
|
8.8 |
HIGH
Network
|
-
|
-
|
The Essential Addons for Elementor plugin for WordPress is vulnerable to privilege escalation in versions up to and including 4.6.4 due to a lack of restrictions on who can add a registration form a…
|
CWE-862
Missing Authorization
|
CVE-2021-4447
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314802
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Essential Addons for Elementor plugin for WordPress is vulnerable to authorization bypass in versions up to and including 4.6.4 due to missing capability checks and nonce disclosure. This makes i…
|
CWE-862
Missing Authorization
|
CVE-2021-4446
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314803
|
- |
|
-
|
-
|
The Product Filter by WooBeWoo plugin for WordPress is vulnerable to authorization bypass in versions up to, and including 1.4.9 due to missing authorization checks on various functions. This makes i…
|
CWE-862
Missing Authorization
|
CVE-2021-4444
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314804
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The WordPress Mega Menu plugin for WordPress is vulnerable to Arbitrary File Creation in versions up to, and including, 2.0.6 via the compiler_save AJAX action. This makes it possible for unauthentic…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2021-4443
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314805
|
8.3 |
HIGH
Network
|
-
|
-
|
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. …
|
CWE-352
Origin Validation Error
|
CVE-2020-36839
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314806
|
7.4 |
HIGH
Network
|
-
|
-
|
The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5. This flaw …
|
CWE-284
Improper Access Control
|
CVE-2020-36838
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314807
|
9.9 |
CRITICAL
Network
|
-
|
-
|
The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1. This m…
|
CWE-862
Missing Authorization
|
CVE-2020-36837
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314808
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on var…
|
CWE-862
Missing Authorization
|
CVE-2020-36834
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314809
|
6.3 |
MEDIUM
Network
|
-
|
-
|
The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6. This makes it possible for authent…
|
CWE-862
Missing Authorization
|
CVE-2020-36833
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314810
|
9.8 |
CRITICAL
Network
|
-
|
-
|
The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6. This makes it possible for unauthenticated attackers to login a…
|
CWE-287
Improper Authentication
|
CVE-2020-36832
|
2024-10-16 16:15 |
2024-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
