
8807 matches found

Vulnrichment
added 2023/06/09 5:33 a.m., 18 views

CVE-2023-2087 Essential Blocks <= 4.0.6 - Cross-Site Request Forgery via save

The Essential Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.6. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change plugin settings via a forged...

CVSS 4.3, AI score 6.6, EPSS 0.00323
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 14 views

CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...

CVSS 5.4, AI score 7.3, EPSS 0.00791
Exploits: 4, References: 4

Cvelist
added 2023/06/09 5:33 a.m., 26 views

CVE-2023-0292 Quiz And Survey Master <= 8.0.8 - Cross-Site Request Forgery to Arbitrary Media Deletion

The Quiz And Survey Master plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.0.8. This is due to missing nonce validation on the function associated with the qsmremovefilefdquestion AJAX action. This makes it possible for unauthenticated attacker...

CVSS 5.4, AI score 8, EPSS 0.00791
Exploits: 4, References: 4

Vulnrichment
added 2023/06/09 5:33 a.m., 10 views

CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged...

CVSS 6.5, AI score 6.6, EPSS 0.00244
Exploits: 0, References: 2

Cvelist
added 2023/06/09 5:33 a.m., 27 views

CVE-2023-2891 WP EasyCart <= 5.4.8 - Cross-Site Request Forgery via process_delete_product

The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_delete_product function. This makes it possible for unauthenticated attackers to delete products via a forged...

CVSS 6.5, AI score 6.2, EPSS 0.00244
Exploits: 0, References: 2

CVE
added 2023/06/09 5:33 a.m., 61 views

CVE-2023-1807

The CVE-2023-1807 entry concerns the Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress. The root cause is missing or incorrect nonce validation in the toggle_widget function, allowing Cross-Site Request Forgery. Affected are WordPress sites running Stax up to version 1.4.3. I...

CVSS 4.3, AI score 5.1, EPSS 0.003
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2023/06/09 5:33 a.m., 11 views

CVE-2023-1807 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers t...

CVSS 4.3, AI score 6.6, EPSS 0.003
Exploits: 0, References: 3

Cvelist
added 2023/06/09 5:33 a.m., 22 views

CVE-2023-1807 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Cross-Site Request Forgery via toggle_widget

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.3. This is due to missing or incorrect nonce validation on the toggle_widget function. This makes it possible for unauthenticated attackers t...

CVSS 4.3, AI score 4.6, EPSS 0.003
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 25 views

CVE-2023-2067 Announcement & Notification Banner – Bulletin <= 3.7.0 - Cross-Site Request Forgery

The Announcement & Notification Banner – Bulletin plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce validation on the 'bulletinwpupdatebulletinstatus', 'bulletinwpupdatebulletin', 'bulletinwpupdatesettings', 'bulletinwpupdatestatus',...

CVSS 6.3, AI score 6.7, EPSS 0.00288
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 8 views

CVE-2023-0729 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 5.4, AI score 6.5, EPSS 0.00297
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 28 views

CVE-2023-2085 Essential Blocks <= 4.0.6 - Missing Authorization via templates

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the templates function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin template information. While a...

CVSS 4.3, AI score 6.6, EPSS 0.00607
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 7 views

CVE-2023-2599 Active Directory Integration / LDAP Integration <= 4.1.4 - Cross-Site Request Forgery to SQL Injection

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...

CVSS 3.1, AI score 6.9, EPSS 0.00424
Exploits: 0, References: 3

Vulnrichment
added 2023/06/09 5:33 a.m., 12 views

CVE-2023-2526 Easy Google Maps <= 1.11.7 - Cross-Site Request Forgery via AJAX action

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forg...

CVSS 5.4, AI score 6.6, EPSS 0.00282
Exploits: 0, References: 4

Cvelist
added 2023/06/09 5:33 a.m., 42 views

CVE-2023-2084 Essential Blocks <= 4.0.6 - Missing Authorization via get

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the get function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to obtain plugin settings. While a nonce check is...

CVSS 4.3, AI score 4.6, EPSS 0.00513
Exploits: 0, References: 2

Cvelist
added 2023/06/09 5:33 a.m., 26 views

CVE-2023-0831 Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for...

CVSS 4.3, AI score 4.5, EPSS 0.0025
Exploits: 0, References: 2

CVE
added 2023/06/09 5:33 a.m., 39 views

CVE-2023-0831

The CVE-2023-0831 entry concerns the WordPress plugin Under Construction. A CSRF flaw exists in versions up to 3.96 due to missing/incorrect nonce validation in the dismiss_notice function invoked by admin_action_ucp_dismiss_notice, allowing unauthenticated attackers to dismiss plugin notificatio...

CVSS 4.3, AI score 4.2, EPSS 0.0025
Exploits: 0, References: 2, Affected Software: 1

Vulnrichment
added 2023/06/09 5:33 a.m., 17 views

CVE-2023-0831 Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_ucp_dismiss_notice

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismiss_notice function called via the admin_action_ucp_dismiss_notice action. This makes it possible for...

CVSS 4.3, AI score 6.5, EPSS 0.0025
Exploits: 0, References: 2

CNNVD
added 2023/06/09 12:0 a.m., 5 views

WordPress Plugin WP Activity Log Premium Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3, AI score 6.3, EPSS 0.00215
Exploits: 0, References: 3

Positive Technologies
added 2023/06/09 12:0 a.m., 5 views

PT-2023-20414 · WordPress · Active Directory Integration

Name of the Vulnerable Software and Affected Versions: Active Directory Integration plugin for WordPress versions up to, and including, 4.1.4

Description: The issue allows unauthenticated attackers to perform time-based SQL Injection via the orderby and order parameters due to missing nonce...

CVSS 6.5, AI score 7.4, EPSS 0.00424
Exploits: 0, References: 6

CNNVD
added 2023/06/09 12:0 a.m., 5 views

WordPress Plugin WP EasyCart Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 6.5, AI score 6.2, EPSS 0.00244
Exploits: 0, References: 3