call to action vulnerabilities and exploits
CVE-2021-25060 | CVSSv2 score: 3.5 | Fivestarplugins Five Star Business Profile And Schema
The Five Star Business Profile and Schema WordPress plugin prior to 2.1.7 does not have any authorisation and CSRF in its bpfwp_welcome_add_contact_page and bpfwp_welcome_set_contact_information AJAX action, allowing any authenticated users, such as subscribers, to call them. Fur...

CVE-2016-9182 | CVSSv2 score: 5 | Exponentcms Exponent Cms 2.4.0
Exponent CMS 2.4 uses PHP reflection to call a method of a controller class, and then uses the method name to check user permission. But, the method name in PHP reflection is case insensitive, and Exponent CMS permits undefined actions to execute by default, so an attacker can us...

CVE-2022-3881 | CVSSv2 score: NA | Wptools Project Wptools
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin prior to 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers, to call it ...

CVE-2022-3024 | CVSSv2 score: NA | Simple Bitcoin Faucets Project Simple Bitcoin Faucets
The Simple Bitcoin Faucets WordPress plugin up to and including 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers, to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping,...

CVE-2022-1020 | CVSSv2 score: 7.5 | Codeastrology Woo Product Table
The Product Table for WooCommerce (wooproducttable) WordPress plugin prior to 3.1.2 does not have authorisation and CSRF checks in the wpt_admin_update_notice_option AJAX action (available to both unauthenticated and authenticated users), as well as does not validate the callback...

CVE-2021-25030 | CVSSv2 score: 6.5 | E-dynamics Events Made Easy
The Events Made Easy WordPress plugin prior to 2.2.36 does not sanitise and escape the search_text parameter before using it in a SQL statement via the eme_searchmail AJAX action, available to any authenticated users. As a result, users with a role as low as subscriber can call i...

CVE-2021-24965 | CVSSv2 score: 3.5 | Fivestarplugins Five Star Restaurant Reservations
The Five Star Restaurant Reservations WordPress plugin prior to 2.4.8 does not have capability and CSRF checks in the rtb_welcome_set_schedule AJAX action, allowing any authenticated users to call it. Due to the lack of sanitisation and escaping, users with a role as low as subsc...

CVE-2023-42468 | CVSSv2 score: NA | Azmobileapps Color Phone
The com.cutestudio.colordialer application up to and including 2.1.8-2 for Android allows a remote malicious user to initiate phone calls without user consent, because of improper export of the com.cutestudio.dialer.activities.DialerActivity component. A third-party application (...

CVE-2022-1054 | CVSSv2 score: 5 | Wpchill Rsvp And Event Management
The RSVP and Event Management Plugin WordPress plugin prior to 2.7.8 does not have any authorisation checks when exporting its entries, and has the export function hooked to the init action. As a result, unauthenticated attackers could call it and retrieve PII such as first name,...

CVE-2021-24969 | CVSSv2 score: 3.5 | Wpdownloadmanager Wordpress Download Manager
The WordPress Download Manager WordPress plugin prior to 3.2.22 does not sanitise and escape Template data before outputting it in various pages (such as admin dashboard and frontend). Due to the lack of authorisation and CSRF checks in the wpdm_save_template AJAX action, any aut...