Nov 14, 2019 | WordPress Vulnerabilities
Publicly Published 2019-11-14 (about 23 hours ago) Added 2019-11-14 (about 15 hours ago) Last Updated 2019-11-14 (about 15 hours ago)
Nov 13, 2019 | WordPress Vulnerabilities
– Unauthenticated Export, leading to disclosure of subscribers data – Insecure Permissions on Dashboard and Settings – CSRF on Settings – Send Test Emails from the Administrative Dashboard as an Authenticated User (with a role of Subscriber and...
Nov 10, 2019 | WordPress Vulnerabilities
All issues can be triggered by unauthenticated users: – Arbitrary File Deletion – HTML injection & CSRF in email messages – Stored Cross-Site Scripting – Disclosure of subscribers’ email address – Arbitrary subscriber deletion...
Oct 31, 2019 | WordPress Vulnerabilities
fixed in version 2.2.14 fixed in version 2.3.15 fixed in version 1.3.15 fixed in version 1.3.12 fixed in version 1.7.1 fixed in version 1.3.21 fixed in version 1.3.7 fixed in version 1.4.9 fixed in version 1.3.6 fixed in version 1.2.11 fixed in version 1.2.13 fixed in...
Oct 17, 2019 | WordPress Vulnerabilities
Description- Unauthenticated information disclosure, allowing attackers to access arbitrary invoices and quotes containing PII – Authenticated SQL injection and information disclosure – Additional issues, such as lack of CSRF and Authorisation checks on...
Oct 14, 2019 | WordPress Vulnerabilities
DescriptionAn attacker can partially control the arguments of the do_action, during the initialization of the PUM_Site . Because of this, an attacker can call any method which contains an action starting from popmake_ or pum_ . This will lead to successful execution...
