
Security For WordPress Plugin Vulnerabilities

Putian SEO Network Security Research

Wordpress Plugins Vulnerabilities

Multivendor Marketplace Solution for WooCommerce < 3.8.12 - Unauthorized Function Calls

- August 15, 2022 - admin

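Many of this plugin's AJAX handler functions do not check the current user's permissions, so dangerous AJAX actions can be performed arbitrarily, such as suspending plugin users or changing order statuses at will.
For more detailed information about this vulnerability, see: https://wpscan.com/vulnerability/c600dd04-f6aa-430b-aefb-c4c6d554c41a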

Security For WordPress Plugin Vulnerabilities by PtsFence.