Skip to main content

Wp Remote Users Sync

2 CVEs product

Monthly

CVE-2023-4374 MEDIUM This Month

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp Remote Users Sync
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-3958 HIGH PATCH This Week

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wp Remote Users Sync
NVD
CVSS 3.1
8.5
EPSS
0.2%
EPSS 0% CVSS 4.3
MEDIUM This Month

The WP Remote Users Sync plugin for WordPress is vulnerable to unauthorized access of data and addition of data due to a missing capability check on the 'refresh_logs_async' functions in versions up. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Wp Remote Users Sync
NVD
EPSS 0% CVSS 8.5
HIGH PATCH This Week

The WP Remote Users Sync plugin for WordPress is vulnerable to Server Side Request Forgery via the 'notify_ping_remote' AJAX function in versions up to, and including, 1.2.12. Rated high severity (CVSS 8.5), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

WordPress SSRF Wp Remote Users Sync
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy