Filtered by vendor Wp-buy
Subscribe
Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24190 | 1 Wp-buy | 1 Conditional Marketing Mailer | 2022-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WooCommerce Conditional Marketing Mailer WordPress plugin before 1.5.2, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2021-24195 | 1 Wp-buy | 1 Login As User Or Customer \(user Switching\) | 2022-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login as User or Customer (User Switching) WordPress plugin before 1.8, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2021-24194 | 1 Wp-buy | 1 Login Protection - Limit Failed Login Attempts | 2022-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Login Protection - Limit Failed Login Attempts WordPress plugin before 2.9, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2021-24193 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2022-07-30 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Visitor Traffic Real Time Statistics WordPress plugin before 2.12, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2021-24847 | 1 Wp-buy | 1 Seo Redirection-301 Redirect Manager | 2021-11-18 | 6.5 MEDIUM | 8.8 HIGH |
| The importFromRedirection AJAX action of the SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 8.2, available to any authenticated user, does not properly sanitise the offset parameter before using it in a SQL statement, leading an SQL injection when the redirection plugin is also installed | |||||
| CVE-2021-24829 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2021-11-10 | 6.5 MEDIUM | 8.8 HIGH |
| The Visitor Traffic Real Time Statistics WordPress plugin before 3.9 does not validate and escape user input passed to the today_traffic_index AJAX action (available to any authenticated users) before using it in a SQL statement, leading to an SQL injection issue | |||||
| CVE-2021-24189 | 1 Wp-buy | 1 Captchinoo | 2021-05-26 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the Captchinoo, Google recaptcha for admin login page WordPress plugin before 2.4, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2021-24188 | 1 Wp-buy | 1 Wp Content Copy Protection \& No Right Click | 2021-05-24 | 6.5 MEDIUM | 8.8 HIGH |
| Low privileged users can use the AJAX action 'cp_plugins_do_button_job_later_callback' in the WP Content Copy Protection & No Right Click WordPress plugin before 3.1.5, to install any plugin (including a specific version) from the WordPress repository, as well as activate arbitrary plugin from then blog, which helps attackers install vulnerable plugins and could lead to more critical vulnerabilities like RCE. | |||||
| CVE-2019-15831 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.12 for WordPress has CSRF in the settings page. | |||||
| CVE-2019-15832 | 1 Wp-buy | 1 Visitor Traffic Real Time Statistics | 2019-09-03 | 6.8 MEDIUM | 8.8 HIGH |
| The visitors-traffic-real-time-statistics plugin before 1.13 for WordPress has CSRF. | |||||