Filtered by vendor Wpengine
Subscribe
Total
7 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2023-6933 | 1 Wpengine | 1 Better Search Replace | 2024-02-14 | N/A | 9.8 CRITICAL |
| The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute code. | |||||
| CVE-2022-1563 | 1 Wpengine | 1 Wpgraphql | 2024-01-22 | N/A | 5.3 MEDIUM |
| The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. | |||||
| CVE-2019-9879 | 1 Wpengine | 1 Wpgraphql | 2024-01-22 | 7.5 HIGH | 9.8 CRITICAL |
| The WPGraphQL 0.2.3 plugin for WordPress allows remote attackers to register a new user with admin privileges, whenever new user registrations are allowed. This is related to the registerUser mutation. | |||||
| CVE-2019-9881 | 1 Wpengine | 1 Wpgraphql | 2024-01-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The createComment mutation in the WPGraphQL 0.2.3 plugin for WordPress allows unauthenticated users to post comments on any article, even when 'allow comment' is disabled. | |||||
| CVE-2019-9880 | 1 Wpengine | 1 Wpgraphql | 2024-01-22 | 6.4 MEDIUM | 9.1 CRITICAL |
| An issue was discovered in the WPGraphQL 0.2.3 plugin for WordPress. By querying the 'users' RootQuery, it is possible, for an unauthenticated attacker, to retrieve all WordPress users details such as email address, role, and username. | |||||
| CVE-2023-23684 | 1 Wpengine | 1 Wpgraphql | 2023-12-20 | N/A | 6.5 MEDIUM |
| Server-Side Request Forgery (SSRF) vulnerability in WPGraphQL.This issue affects WPGraphQL: from n/a through 1.14.5. | |||||
| CVE-2023-24421 | 1 Wpengine | 1 Php Compatibility Checker | 2023-12-10 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions. | |||||