8807 matches found

Positive Technologies
added 2023/06/09 12:0 a.m. · 8 views

PT-2023-22040 · WordPress · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process deactivate product function. This allows...

CVSS 4.3 · AI score 5.2 · EPSS 0.00241
Exploits: 0 · References: 5

Positive Technologies
added 2023/06/09 12:0 a.m. · 6 views

PT-2023-17683 · WordPress · Essential Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated...

CVSS 4.3 · AI score 5.3 · EPSS 0.00323
Exploits: 0 · References: 6

CNNVD
added 2023/06/09 12:0 a.m. · 5 views

WordPress Plugin WP Activity Log Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...

CVSS 4.3 · AI score 6.2 · EPSS 0.00296
Exploits: 0 · References: 4

Positive Technologies
added 2023/06/09 12:0 a.m. · 6 views

PT-2023-18734 · WordPress · Wp Activity Log

Name of the Vulnerable Software and Affected Versions: WP Activity Log for WordPress versions up to, and including, 4.5.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax run cleanup function. This allows unauthenticated...

CVSS 4.3 · AI score 5.3 · EPSS 0.00296
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/09 12:0 a.m. · 5 views

PT-2023-22049 · Unknown · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process bulk activate product function. This allows...

CVSS 4.3 · AI score 5.2 · EPSS 0.00241
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/09 12:0 a.m. · 7 views

PT-2023-22038 · WordPress · Wp Easycart

Name of the Vulnerable Software and Affected Versions: WP EasyCart plugin for WordPress versions up to, and including, 5.4.8 Description: The issue is due to missing or incorrect nonce validation on the process bulk delete product function, making it possible for unauthenticated attackers to bulk...

CVSS 6.5 · AI score 5.3 · EPSS 0.00232
Exploits: 0 · References: 5

Positive Technologies
added 2023/06/09 12:0 a.m. · 6 views

PT-2023-17537 · WordPress · The Announcement & Notification Banner – Bulletin

Name of the Vulnerable Software and Affected Versions: The Announcement & Notification Banner – Bulletin plugin for WordPress versions up to, and including, 3.7.0 Description: The issue allows unauthenticated attackers to modify the plugin's settings, modify bulletins, create new bulletins, and...

CVSS 6.3 · AI score 6.3 · EPSS 0.00288
Exploits: 0 · References: 5

Positive Technologies
added 2023/06/09 12:0 a.m. · 3 views

PT-2023-20002 · WordPress · Easy Google Maps

Name of the Vulnerable Software and Affected Versions: Easy Google Maps plugin for WordPress versions up to and including 1.11.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the AJAX action handler. This allows unauthenticated...

CVSS 5.4 · AI score 6.3 · EPSS 0.00282
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/09 12:0 a.m. · 6 views

PT-2023-17674 · WordPress · Essential Blocks

Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6 Description: The issue arises from a missing capability check on the templates function, allowing unauthorized use of functionality. This enables subscriber-level...

CVSS 4.3 · AI score 5.3 · EPSS 0.00607
Exploits: 0 · References: 6

OSV
added 2023/06/07 2:15 a.m. · 5 views

CVE-2021-4381

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

CVSS 9.8 · AI score 5.8 · EPSS 0.014
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 24 views

CVE-2021-4381

The uListing plugin for WordPress is vulnerable to authorization bypass via wproute due to missing capability checks, and a missing security nonce, in the StmListingSingleLayout::importnewlayout method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers t...

CVSS 9.8 · AI score 9.5 · EPSS 0.014
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 5 views

CVE-2021-4371

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

CVSS 4.3 · AI score 5.8 · EPSS 0.00663
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 5 views

CVE-2021-4368

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

CVSS 8.8 · AI score 6.3
Exploits: 0 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 11 views

CVE-2021-4371

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

CVSS 4.3 · AI score 4.4 · EPSS 0.00663
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 21 views

CVE-2021-4368

The Frontend File Manager plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 18.2. This is due to lacking capability checks and a security nonce, all on the wpfmsavesettings AJAX action. This makes it possible for subscriber-level attackers to ed...

CVSS 9.9 · AI score 9.7 · EPSS 0.01853
Exploits: 1 · References: 3

OSV
added 2023/06/07 2:15 a.m. · 4 views

CVE-2021-4341

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 5.8 · EPSS 0.01134
Exploits: 1 · References: 2

NVD
added 2023/06/07 2:15 a.m. · 10 views

CVE-2021-4345

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::saveroleapi method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

CVSS 6.5 · AI score 6.4 · EPSS 0.0073
Exploits: 1 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 29 views

CVE-2021-4341

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stmupdateemaildata AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 9.5 · EPSS 0.01134
Exploits: 1 · References: 2

OSV
added 2023/06/07 2:15 a.m. · 3 views

CVE-2020-36717

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

CVSS 8.8 · AI score 5.6 · EPSS 0.00478
Exploits: 1 · References: 2

OSV
added 2023/06/07 2:15 a.m. · 5 views

CVE-2020-36700

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

CVSS 8.8 · AI score 5.9 · EPSS 0.01186
Exploits: 1 · References: 4