Webcodingplace
Products
3- 2 CVEs
- 1 CVE
- 1 CVE
Recent CVEs
4| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-4239 | Hig | 0.57 | 8.8 | 0.00 | Aug 9, 2023 | The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update. | |
| CVE-2024-13753 | Hig | 0.53 | 8.1 | 0.00 | Feb 20, 2025 | The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link. | |
| CVE-2024-0201 | Med | 0.35 | 5.4 | 0.00 | Jan 3, 2024 | The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. CVE-2023-52179 appears to be a duplicate of this issue. | |
| CVE-2009-4318 | 0.00 | — | 0.00 | Dec 14, 2009 | Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information. |
- risk 0.57cvss 8.8epss 0.00
The Real Estate Manager plugin for WordPress is vulnerable to privilege escalation in versions up to, and including, 7.2 due to insufficient restriction on the 'rem_save_profile_front' function. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to modify their user role by supplying the 'wp_capabilities' parameter during a profile update.
- risk 0.53cvss 8.1epss 0.00
The Ultimate Classified Listings plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the update_profile function. This makes it possible for unauthenticated attackers to modify victim's email via a forged request, which might lead to account takeover, granted they can trick a user into performing an action such as clicking on a link.
- risk 0.35cvss 5.4epss 0.00
The Product Expiry for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_settings' function in versions up to, and including, 2.5. This makes it possible for authenticated attackers, with subscriber-level permissions or above to update plugin settings. CVE-2023-52179 appears to be a duplicate of this issue.
- CVE-2009-4318Dec 14, 2009risk 0.00cvss —epss 0.00
Cross-site scripting (XSS) vulnerability in index.php in Real Estate Manager 1.0.1 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. NOTE: some of these details are obtained from third party information.