7.1
CVE-2024-45715 - SolarWinds Platform Edit Function Cross-Site Scripting Vulnerability
The SolarWinds Platform was susceptible to a Cross-Site Scripting vulnerability when performing an edit function on existing elements.
7.8
CVE-2024-45710 - SolarWinds Platform Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
SolarWinds Platform is susceptible to an Uncontrolled Search Path Element Local Privilege Escalation vulnerability. This requires a low-privilege account and local access to the affected node machine.
7.1
CVE-2023-7294 - Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_profil…
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized data modification due to a missing capability check on the create_mollie_profile function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-leve…
4.3
CVE-2023-7293 - Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'check_mollie_account…
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the check_mollie_account_details function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-…
4.3
CVE-2023-7292 - Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismi…
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscribe…
8.3
CVE-2020-36839 - WP Lead Plus X <= 0.99 - Cross-Site Request Forgery
The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as addi…
8.8
CVE-2024-8507 - File Manager Pro <= 8.3.9 - Cross-Site Request Forgery to Arbitrary File Upload
The File Manager Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.3.9. This is due to missing or incorrect nonce validation on the 'mk_file_folder_manager' ajax action. This makes it possible for unauthenticated attackers to upload arbitra…
7.2
CVE-2019-25216 - Rich Reviews <= 1.7.4 - Stored Cross-Site Scripting
The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scr…
7.1
CVE-2023-7291 - Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'create_mollie_accoun…
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_mollie_account function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with subscriber-l…
7.2
CVE-2019-25214 - ShopWP <= 2.0.4 - Missing Authorization to Stored Cross-Site Scripting
The ShopWP plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several REST API routes in versions up to, and including, 2.0.4. This makes it possible for unauthenticated attackers to call the endpoints and perform unauthorized actions such as updating th…