The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.
The The Post Grid - Shortcode, Gutenberg Blocks and Elementor Addon for Post Grid plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The Admin Bar Remover plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the update_form() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The CM Tooltip Glossary - Powerful Glossary Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The ShopLentor - WooCommerce Builder for Elementor & Gutenberg +10 Modules - All in One Solution (formerly WooLentor) plugin for WordPress is vulnerable to unauthorized modification of data due to a. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.
The SVS Pricing Tables plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Easy Restaurant Table Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.9. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
This vulnerability was a potential CSRF attack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.
Jenkins Telegram Bot Plugin 1.4.0 and earlier stores the Telegram Bot token unencrypted in its global configuration file on the Jenkins controller where it can be viewed by users with access to the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
A vulnerability on Mitel 6800 Series and 6900 Series SIP Phones through 6.3 SP3 HF4, 6900w Series SIP Phone through 6.3.3, and 6970 Conference Unit through 5.1.1 SP8 allows an authenticated attacker. Rated medium severity (CVSS 4.2). No vendor patch available.
A vulnerability was found in Wildfly’s management interface. Rated medium severity (CVSS 4.1). No vendor patch available.