Fullworks: Security Vulnerabilities
The Redirect 404 Error Page to Homepage or Custom Page with Logs WordPress plugin before 1.7.9 does not check for CSRF when deleting logs, which could allow attacker to make a logged in admin delete them via a CSRF attack
CVSS Score
6.5
EPSS Score
0.001
Published
2021-11-08
The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS.
CVSS Score
6.1
EPSS Score
0.052
Published
2019-08-21
Stop User Enumeration 1.3.8 allows user enumeration via the REST API
CVSS Score
5.3
EPSS Score
0.004
Published
2017-11-17