Vulmon
call to action vulnerabilities and exploits
3.5
CVSSv2
CVE-2019-19983
In the WordPress plugin, Fast Velocity Minify prior to 2.7.7, the full web root path to the running WordPress application can be discovered. In order to exploit this vulnerability, FVM Debug Mode needs to be enabled and an admin-ajax request needs to call the fastvelocity_min_fil...
Fastvelocity Minify
3.5
CVSSv2
CVE-2021-25018
The PPOM for WooCommerce WordPress plugin prior to 24.0 does not have authorisation and CSRF checks in the ppom_settings_panel_action AJAX action, allowing any authenticated user to call it and set arbitrary settings. Furthermore, due to the lack of sanitisation and escaping, it could...
Najeebmedia Ppom For Woocommerce
NA
CVE-2023-7202
The Fatal Error Notify WordPress plugin prior to 1.5.3 does not have authorisation and CSRF checks in its test_error AJAX action, allowing any authenticated user, such as a subscriber, to call it and spam the admin email address with error messages. The issue is also exploitable vi...
5.5
CVSSv2
CVE-2021-25095
The IP2Location Country Blocker WordPress plugin prior to 2.26.5 does not have authorisation and CSRF checks in the ip2location_country_blocker_save_rules AJAX action, allowing any authenticated user, such as a subscriber, to call it and block an arbitrary country, or block all of the...
Ip2location Country Blocker
NA
CVE-2022-3880
The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan WordPress plugin prior to 4.20 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate ar...
Antihacker Project Antihacker
NA
CVE-2022-3882
The Memory Usage, Memory Limit, PHP and Server Memory Health Check and Fix Plugin WordPress plugin prior to 2.46 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plugi...
Wp-memory Project Wp-memory
NA
CVE-2022-1932
The Rezgo Online Booking WordPress plugin prior to 4.1.8 does not sanitise and escape some parameters before outputting them back in a page, leading to Reflected Cross-Site Scripting, which can be exploited either via an LFI in an AJAX action or a direct call to the affected file.
Rezgo Rezgo Online Booking
7.5
CVSSv2
CVE-2007-0134
Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote malicious users to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vu...
Igeneric Ig Shop 1.0
Igeneric Ig Shop 1.4
1 EDB exploit
4
CVSSv2
CVE-2022-0345
The Customize WordPress Emails and Alerts WordPress plugin prior to 1.8.7 does not have authorisation and CSRF checks in its bnfw_search_users AJAX action, allowing any authenticated user to call it and query for user e-mail prefixes (finding the first letter, then the second one...
Madewithfuel Customize Wordpress Emails And Alerts
NA
CVE-2022-3883
The Block Bad Bots and Stop Bad Bots Crawlers and Spiders and Anti Spam Protection WordPress plugin prior to 7.24 does not have proper authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and install and activate arbitrary plug...
Stopbadbots Project Stopbadbots