Skip to main content

Rest Api To Miniprogram

3 CVEs product

Monthly

CVE-2024-8485 CRITICAL Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass Rest Api To Miniprogram
NVD
CVSS 3.1
9.8
EPSS
0.3%
CVE-2024-8484 HIGH POC THREAT Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.9%.

WordPress SQLi Rest Api To Miniprogram
NVD
CVSS 3.1
7.5
EPSS
88.9%
Threat
5.7
CVE-2023-0551 MEDIUM POC This Month

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Rest Api To Miniprogram
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
EPSS 0% CVSS 9.8
CRITICAL Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation WordPress Authentication Bypass +1
NVD
EPSS 89% 5.7 CVSS 7.5
HIGH POC THREAT Act Now

The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 88.9%.

WordPress SQLi Rest Api To Miniprogram
NVD
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The REST API TO MiniProgram WordPress plugin through 4.6.1 does not have authorisation and CSRF checks in an AJAX action, allowing ay authenticated users, such as subscriber to call and delete. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Rest Api To Miniprogram
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy