Filtered by vendor Miunosoft
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2025-11451 | 2 Miunosoft, Wordpress | 2 Auto Amazon Links Amazon Associates Affiliate Plugin, Wordpress | 2025-11-12 | 7.5 High |
| The Auto Amazon Links – Amazon Associates Affiliate Plugin plugin for WordPress is vulnerable to arbitrary files reads in all versions up to, and including, 5.4.3 via the '/wp-json/wp/v2/aal_ajax_unit_loading' RST API endpoint. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. | ||||
| CVE-2025-10056 | 2 Miunosoft, Wordpress | 2 Task Scheduler, Wordpress | 2025-10-21 | 4.4 Medium |
| The Task Scheduler plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.6.3 via the “Check Website” task. This makes it possible for authenticated attackers, with Administrator-level access and above, to make web requests to arbitrary locations originating from the web application and can be used to query and modify information from internal services. | ||||
Page 1 of 1.