Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Read More & Accordion

Source -

CNA

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-0810
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.22%
||
7 Day CHG~0.00%
Published-05 Apr, 2025 | 01:44
Updated-07 Apr, 2025 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read More & Accordion <= 3.4.5 - Cross-Site Request Forgery to Local File Inclusion

The Read More & Accordion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.5. This is due to missing or incorrect nonce validation on the addNewButtons() function. This makes it possible for unauthenticated attackers to include and execute arbitrary PHP files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-edmonparker
Product-Read More & Accordion
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13639
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 19.75%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 08:21
Updated-18 Feb, 2025 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read More & Accordion <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary 'Read More' Post Deletion

The Read More & Accordion plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the expmDeleteData() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary 'read more' posts.

Action-Not Available
Vendor-edmonparkerAdam Skaat (Edmonsoft)
Product-read_more_\&_accordionRead More & Accordion
CWE ID-CWE-862
Missing Authorization
CVE-2023-3392
Assigner-WPScan
ShareView Details
Assigner-WPScan
CVSS Score-7.2||HIGH
EPSS-0.46% / 63.02%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:32
Updated-16 Sep, 2024 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Read More & Accordion < 3.2.7 - Admin+ PHP Object Injection

The Read More & Accordion WordPress plugin before 3.2.7 unserializes user input provided via the settings, which could allow high-privilege users such as admin to perform PHP Object Injection when a suitable gadget is present.

Action-Not Available
Vendor-UnknownAdam Skaat (Edmonsoft)
Product-read_more_\&_accordionRead More & Accordion
CWE ID-CWE-502
Deserialization of Untrusted Data