PublishPress Capabilities Vulnerability List
Found 3 vulnerabilities related to PublishPress Capabilities
- CVE-2021-25032: PublishPress Capabilities < 2.3.1 - Missing Authorization POC
  The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator.
- CVE-2021-25032: PublishPress Capabilities < 2.3.1 - Missing Authorization POC
  The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator.
- wp-publishpress-capabilities-xss: PublishPress Capabilities < 2.3.3 - Cross-Site Scripting POC
  The PublishPress Capabilities plugin for WordPress before 2.3.3 does not escape a form action URL before outputting it back in an attribute, leading to Reflected Cross-Site Scripting (XSS).