漏洞描述
WordPress 插件 WPvivid 存在未授权访问漏洞,此漏洞是当用户调用特定函数,例如wp_ajax_nopriv_wpvividstg_start_staging_free时,未充分验证用户的身份而导致的。
WordPress 插件 WPvivid 未授权访问漏洞
PoC代码
暂无相关漏洞推荐
- POC CVE-2015-8350: WordPress Calls to Action <=2.4.3 - Authenticated Reflected XSS
- POC CVE-2017-18580: WordPress Shortcodes Ultimate <= 5.0.0 - Authenticated Remote Code Execution
- POC CVE-2020-12832: WordPress Simple File List - Path Traversal
- POC CVE-2021-24657: Limit Login Attempts WordPress - Stored Cross-site Scripting
- POC CVE-2021-24681: Duplicate Page WordPress - Stored Cross-Site Scripting
- POC CVE-2021-25082: WordPress Popup Builder < 4.0.7 - Remote Code Execution
- POC CVE-2022-0765: WordPress Loco Translate < 2.6.1 - Cross-Site Scripting
- POC CVE-2022-0873: WordPress Gmedia Photo Gallery Plugin < 1.20.0 - Cross-Site Scripting
- POC CVE-2023-27624: WordPress Redirect After Login <= 0.1.9 - Admin Stored XSS
- POC CVE-2023-6266: WordPress Backup Migration <= 1.3.6 - Path Traversal
- POC CVE-2023-7164: WordPress BackWPup < 4.0.4 - Backup File Disclosure
- POC CVE-2024-35693: WordPress 12 Step Meeting List Plugin <= 3.14.33 - Cross-Site Scripting
- POC CVE-2024-5057: WordPress Easy Digital Downloads <= 3.2.12 - SQL Injection