| CVE/PSC | Application | Date | Affected versions | Description |
|---|---|---|---|---|
| Actual on: Jun 15, 2025, 13:06:35 | Entries count: 3 | |||
|
vulnerable
|
Jun 07, 2024, 07:06:37 |
Min -
Max 1.2.3
|
The Management App for WooCommerce – Order notifications, Order management, Lead management, Uptime Monitoring plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the nouvello_upload_csv_file function in all versions up to, and including, 1.2.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. | |
|
SAFE & CERTIFIED
|
Jan 29, 2025, 18:01:14 |
Min 4.9.20
Max 4.9.20
|
The ManageWP Worker plugin, with over 1 million downloads, is a powerful tool for managing multiple WordPress websites from a single dashboard. It offers features such as automated backups, security monitoring, bulk updates, and website cloning. However, from a security standpoint, plugins with administrative control over multiple sites require strict scrutiny to ensure data integrity and prevent potential exploitation. | |
|
vulnerable
|
Jun 06, 2024, 22:06:59 |
Min -
Max 4.9.3
|
ManageWP Worker [worker] < 4.9.3 Manage WP Worker <= 4.9.2 - Authentication Bypass The Manage WP Worker plugin for WordPress is vulnerable to authentication bypass in versions up to, and including 4.9.2, due to the use of global keys that every installation of Manage WP worker uses for signature verification. This makes it possible to specially craft a request that can be used to auto-login as any user on any WordPress site running the plugin. | |