← Back

Ari Adminer

ari_adminer

Vendor: Ari Soft • 2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2019-25215
1Ari Soft
1Ari Adminer
Jun 17, 2026
Oct 16, 2024
N/A· v4
7.3 HIGH· v3
N/A· v2
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for una...Show more
The ARI-Adminer plugin for WordPress is vulnerable to authorization bypass due to a lack of file access controls in nearly every file of the plugin in versions up to, and including, 1.1.14. This makes it possible for unauthenticated attackers to call the files directly and perform a wide variety of unauthorized actions such as accessing a site's database and making changes.Show less
CVE-2020-19156
1Ari Soft
1Ari Adminer
Jun 17, 2026
Sep 15, 2021
N/A· v4
5.4 MEDIUM· v3
3.5 LOW· v2
Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.