Several plugins for WordPress by Inisev are vulnerable to unauthorized installation of plugins due to a missing capability check on the handle_installation function that is called via the inisev_installation AJAX aciton in various versions. This makes it possible for authenticated attackers with minimal permissions, such as subscribers, to install select plugins from Inisev on vulnerable sites. CVE-2023-38514 appears to be a duplicate of this vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
inisev redirection |
||
themecheck ultimate posts widget |
||
inisev ssl mixed content fix |
||
inisev rss redirect \\& feedburner alternative |
||
mypopups pop-up |
||
themecheck enhanced text widget |
||
copy-delete-posts duplicate post |
||
backupbliss clone |
||
backupbliss backup migration |
||
socialshare social share icons \\& social share buttons |
||
ultimatelysocial social media share buttons \\& social sharing icons |