WP Shamsi
by WordPress
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-0335 | Med | 0.42 | 6.5 | 0.01 | Mar 27, 2023 | The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. | ||
| CVE-2022-4555 | Med | 0.42 | 6.5 | 0.01 | Dec 16, 2022 | The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins… | ||
| CVE-2022-38058 | Med | 0.28 | 4.3 | 0.01 | Sep 9, 2022 | Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. |
- risk 0.42cvss 6.5epss 0.01
The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.
- risk 0.42cvss 6.5epss 0.01
The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins…
- risk 0.28cvss 4.3epss 0.01
Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.