Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2026-02-13
CVE-2023-1333 - Changeset Plugin
The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the clear_page_cache function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to delete the plugin's cache.
PLUGIN
Changeset
CVE-2023-1333
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1023 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change sitemap-related settings of the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
PLUGIN
Changeset
CVE-2023-1023
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1028 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2023-1028
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1027 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post categories. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
PLUGIN
Changeset
CVE-2023-1027
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1026 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by category as long as those posts are published. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
PLUGIN
Changeset
CVE-2023-1026
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1024 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
PLUGIN
Changeset
CVE-2023-1024
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1022 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google analytics options maintained by the plugin. This vulnerability occurred as a result of the plugin relying on nonce checks as a means of access control, and that nonce being accessible to all authenticated users regardless of role.
PLUGIN
Changeset
CVE-2023-1022
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1068 - Changeset Plugin
The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the read_more_excerpt_link_menu_options() function. This makes it possible for unauthenticated attackers to update he plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2023-1068
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-1029 - Changeset Plugin
The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2023-1029
Risk Score
Threat Entry
Updated 2025-03-12
CVE-2023-0232 - Changeset Plugin
The ShopLentor WordPress plugin before 2.5.4 unserializes user input from cookies in order to track viewed products and user data, which could lead to PHP Object Injection.
PLUGIN
Changeset
CVE-2023-0232
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0555 - Changeset Plugin
The Quick Restaurant Menu plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on its AJAX actions in versions up to, and including, 2.0.2. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those actions intended for administrator use. Actions include menu item creation, update and deletion and other menu management functions. Since the plugin does not verify that a post ID passed to one of its AJAX actions belongs to a menu item, this can lead to arbitrary post…
PLUGIN
Changeset
CVE-2023-0555
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0554 - Changeset Plugin
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.
PLUGIN
Changeset
CVE-2023-0554
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0550 - Changeset Plugin
The Quick Restaurant Menu plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 2.0.2. This is due to the fact that during menu item deletion/modification, the plugin does not verify that the post ID provided to the AJAX action is indeed a menu item. This makes it possible for authenticated attackers, with subscriber-level access or higher, to modify or delete arbitrary posts.
PLUGIN
Changeset
CVE-2023-0550
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0553 - Changeset Plugin
The Quick Restaurant Menu plugin for WordPress is vulnerable to Stored Cross-Site Scripting via its settings parameters in versions up to, and including, 2.0.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
PLUGIN
Changeset
CVE-2023-0553
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2939 - Changeset Plugin
The WP Cerber Security plugin for WordPress is vulnerable to security protection bypass in versions up to, and including 9.0, that makes user enumeration possible. This is due to improper validation on the value supplied through the 'author' parameter found in the ~/cerber-load.php file. In vulnerable versions, the plugin only blocks requests if the value supplied is numeric, making it possible for attackers to supply additional non-numeric characters to bypass the protection. The non-numeric characters are stripped and the user requested is displayed. This can be used by unauthenticated attackers…
PLUGIN
Changeset
CVE-2022-2939
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2633 - Changeset Plugin
The All-in-One Video Gallery plugin for WordPress is vulnerable to arbitrary file downloads and blind server-side request forgery via the 'dl' parameter found in the ~/public/video.php file in versions up to, and including 2.6.0. This makes it possible for unauthenticated users to download sensitive files hosted on the affected server and forge requests to the server.
PLUGIN
Changeset
CVE-2022-2633
Risk Score
Threat Entry
Updated 2025-08-21
CVE-2022-2433 - Changeset Plugin
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to deserialization of untrusted input via the 'alm_repeaters_export' parameter in versions up to, and including 5.5.3. This makes it possible for unauthenticated users to call files using a PHAR wrapper, granted they can trick a site administrator into performing an action such as clicking on a link, that will deserialize and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that…
PLUGIN
Changeset
CVE-2022-2433
Risk Score
Threat Entry
Updated 2025-05-05
CVE-2022-2438 - Changeset Plugin
The Broken Link Checker plugin for WordPress is vulnerable to deserialization of untrusted input via the '$log_file' value in versions up to, and including 1.11.16. This makes it possible for authenticated attackers with administrative privileges and above to call files using a PHAR wrapper that will deserialize the data and call arbitrary PHP Objects that can be used to perform a variety of malicious actions granted a POP chain is also present. It also requires that the attacker is successful in uploading a file with the serialized payload.
PLUGIN
Changeset
CVE-2022-2438
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2544 - Changeset Plugin
The Ninja Job Board WordPress plugin before 1.3.3 does not protect the directory where it stores uploaded resumes, making it vulnerable to unauthenticated Directory Listing which allows the download of uploaded resumes.
PLUGIN
Changeset
CVE-2022-2544
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2022-2046 - Changeset Plugin
The Directorist WordPress plugin before 7.2.3 allows administrators to download other plugins from the same vendor directly to the site, but does not check the URL domain it gets the zip files from. This could allow administrators to run code on the server, which is a problem in multisite configurations.
PLUGIN
Changeset
CVE-2022-2046
Risk Score