Every CVE whose affected-product data names Wpvar Wp Shamsi, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2022-4555 — CVSS 6.5 (medium): The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate() function…
CVE-2023-0335 — CVSS 6.5 (medium): The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as…
CVE-2022-38058 — CVSS 4.3 (medium): Authenticated (subscriber+) Plugin Setting change vulnerability in WP Shamsi plugin <= 4.1.1 at WordPress.