Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2024-10-16 CVE-2019-25215 The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14.
network
low complexity
CWE-862
7.3
7.3
2024-10-16 CVE-2019-25216 The Rich Review plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the POST body 'update' parameter in versions up to, and including, 1.7.4 due to insufficient input sanitization and output escaping.
network
low complexity
CWE-79
7.2
7.2
2024-10-16 CVE-2019-25217 The SiteGround Optimizer plugin for WordPress is vulnerable to authorization bypass leading to Remote Code Execution and Local File Inclusion in versions up to, and including, 5.0.12 due to incorrect use of an access control attribute on the switch_php function called via the /switch-php REST API route.
network
low complexity
CWE-862
critical
 9.8
9.8
2024-10-16 CVE-2020-36831 The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on multiple user privilege/security functions provided in versions up to, and including 4.3.17.
network
low complexity
CWE-284
5.0
5.0
2024-10-16 CVE-2020-36832 The Ultimate Membership Pro plugin for WordPress is vulnerable to Authentication Bypass in versions between, and including, 7.3 to 8.6.
network
low complexity
CWE-287
critical
 9.8
9.8
2024-10-16 CVE-2020-36833 The Indeed Membership Pro plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on various AJAX actions in versions 7.3 - 8.6.
network
low complexity
CWE-862
6.3
6.3
2024-10-16 CVE-2020-36834 The Discount Rules for WooCommerce plugin for WordPress is vulnerable to missing authorization via several AJAX actions in versions up to, and including, 2.0.2 due to missing capability checks on various functions.
network
low complexity
CWE-862
6.3
6.3
2024-10-16 CVE-2020-36835 The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to sensitive information disclosure of a WordPress site's database due to missing capability checks on the wp_ajax_wpvivid_add_remote AJAX action that allows low-level authenticated attackers to send back-ups to a remote location of their choice for review.
network
low complexity
CWE-200
4.9
4.9
2024-10-16 CVE-2020-36837 The ThemeGrill Demo Importer plugin for WordPress is vulnerable to authentication bypass due to a missing capability check on the reset_wizard_actions function in versions 1.3.4 through 1.6.1.
network
low complexity
CWE-862
critical
 9.9
9.9
2024-10-16 CVE-2020-36838 The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_update_options function in versions up to, and including, 1.5.
network
low complexity
CWE-284
7.4
7.4