ByteOS Network

bc2018

Source -

CNA

BOS Name -

N/A

CNA CVEs -

ADP CVEs -

CISA CVEs -

NVD CVEs -

2Vulnerabilities found

CVE-2025-4597

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-6.5||MEDIUM

EPSS-0.04% / 10.62%

7 Day CHG~0.00%

Published-30 May, 2025 | 11:15

Updated-30 May, 2025 | 16:31

Woo Slider Pro - Drag Drop Slider Builder For WooCommerce <= 1.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion

The Woo Slider Pro – Drag Drop Slider Builder For WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the woo_slide_pro_delete_draft_preview AJAX action in all versions up to, and including, 1.12. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.

Vendor-bc2018

Product-Woo Slider Pro – Drag Drop Slider Builder For WooCommerce

CWE ID-CWE-862

Missing Authorization

CVE-2020-36839

Assigner-Wordfence

View Details

Assigner-Wordfence

CVSS Score-8.3||HIGH

EPSS-0.04% / 11.01%

7 Day CHG~0.00%

Published-16 Oct, 2024 | 06:43

Updated-16 Oct, 2024 | 16:38

WP Lead Plus X <= 0.99 - Cross-Site Request Forgery

The WP Lead Plus X plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.99. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform administrative actions, such as adding pages to the site and/or replacing site content with malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-bc2018

Product-WordPress Landing Page – Squeeze Page – Responsive Landing Page Builder Free – WP Lead Plus X

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)