wpvar 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
Historical issues mainly involve vendor risk csrf and related security problems, affecting vendor surface production workloads and vendor surface software deployment scenarios.
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2023-0335 | The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment. | [email protected] | 6.5 | 0.13% | 2023-03-27 | 2025-02-19 |
| CVE-2022-4555 | The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function hooked via init() in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can be used to deactivate security plugins that aids in exploiting other vulnerabilities. | [email protected] | 6.5 | 0.65% | 2022-12-16 | 2026-04-08 |
| CVE-2022-38058 | Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress. | [email protected] | 4.3 | 0.31% | 2022-09-09 | 2024-11-21 |