Lucene search

8807 matches found

Vulnrichment
added 2023/06/07 1:51 a.m. · 24 views

CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

CVSS 8.8 · AI score 7.1 · EPSS 0.00478
Exploits: 1 · References: 2

Cvelist
added 2023/06/07 1:51 a.m. · 22 views

CVE-2020-36717 Kali Forms <= 2.1.1 - Cross-Site Request Forgery

The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions v...

CVSS 8.8 · AI score 8.5 · EPSS 0.00478
Exploits: 1 · References: 2

Vulnrichment
added 2023/06/07 1:51 a.m. · 9 views

CVE-2021-4359 Frontend File Manager Plugin <= 18.2 - Unauthenticated Arbitrary Post Deletion

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 18.2. This is due to lacking authentication protections and lacking a security nonce on the wpfmdeletefile AJAX action. This makes it possible for...

CVSS 6.5 · AI score 6.1 · EPSS 0.00877
Exploits: 1 · References: 3

Cvelist
added 2023/06/07 1:51 a.m. · 28 views

CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

CVSS 9.1 · AI score 9.3 · EPSS 0.01019
Exploits: 1 · References: 4

CVE
added 2023/06/07 1:51 a.m. · 50 views

CVE-2021-4357

Summary: The WordPress uListing plugin is vulnerable to an authorization bypass in the function UlistingUserRole::save_role_api up to and including version 1.6.6. The root cause is missing capability checks and a missing security nonce, which could allow unauthenticated attackers to arbitrarily...

CVSS 9.1 · AI score 5.2 · EPSS 0.01019
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2023/06/07 1:51 a.m. · 20 views

CVE-2021-4357 uListing <= 1.6.6 - Unauthenticated Arbitrary Post/Page Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::save_role_api function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

CVSS 9.1 · AI score 6 · EPSS 0.01019
Exploits: 1 · References: 4

Vulnrichment
added 2023/06/07 1:51 a.m. · 18 views

CVE-2020-36707

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and...

CVSS 8.8 · AI score 7 · EPSS 0.00458
Exploits: 0 · References: 4

Cvelist
added 2023/06/07 1:51 a.m. · 21 views

CVE-2021-4345 uListing <= 1.6.6 - Unauthenticated Arbitrary Roles and Capabilities Creation/Deletion

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability and nonce checks on the UlistingUserRole::save_role_api method in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to remove or add roles, and add capabilities...

CVSS 6.5 · AI score 6.6 · EPSS 0.0073
Exploits: 1 · References: 3

Vulnrichment
added 2023/06/07 1:51 a.m. · 14 views

CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

CVSS 8.8 · AI score 7.4 · EPSS 0.01186
Exploits: 1 · References: 4

Cvelist
added 2023/06/07 1:51 a.m. · 27 views

CVE-2020-36700 Page Builder: KingComposer < 2.9.4 - Authorization Bypass due to Improper Access Control

The Page Builder: KingComposer plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 2.9.3. This is due to a security nonce being leaked in the '/wp-admin/index.php' page. This makes it possible for authenticated attackers to change arbitrary WordPress...

CVSS 8.8 · AI score 8.5 · EPSS 0.01186
Exploits: 1 · References: 4

CVE
added 2023/06/07 1:51 a.m. · 52 views

CVE-2020-36700

The CVE-2020-36700 entry concerns the WordPress Page Builder: KingComposer plugin. Affected component: KingComposer Page Builder for WordPress (versions up to and including 2.9.3). Root cause: an authorization bypass due to a security nonce being leaked on /wp-admin/index.php. Impact: authenticat...

CVSS 8.8 · AI score 8.3 · EPSS 0.01186
Exploits: 1 · References: 4 · Affected Software: 1

CVE
added 2023/06/07 1:51 a.m. · 49 views

CVE-2021-4341

Product: WordPress uListing plugin. Vulnerability: Authorization bypass via Ajax in the stm_update_email_data action due to missing capability checks, missing input validation, and a missing security nonce. Affects versions up to and including 1.6.6. Impact: Unauthenticated attackers can change a...

CVSS 9.8 · AI score 9.2 · EPSS 0.01134
Exploits: 1 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/06/07 1:51 a.m. · 9 views

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 7.2 · EPSS 0.01134
Exploits: 1 · References: 2

Cvelist
added 2023/06/07 1:51 a.m. · 32 views

CVE-2021-4341 uListing <= 1.6.6 - Unauthenticated Wordpress Options Changes via AJAX

The uListing plugin for WordPress is vulnerable to authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm_update_email_data AJAX action in versions up to, and including, 1.6.6. This makes it possible for unauthenticated...

CVSS 9.8 · AI score 9.6 · EPSS 0.01134
Exploits: 1 · References: 2

Positive Technologies
added 2023/06/07 12:0 a.m. · 8 views

PT-2023-11369 · Unknown +1 · Materialis +1

Name of the Vulnerable Software and Affected Versions: Mesmerize versions up to, and including, 1.6.89; Materialis versions up to, and including, 1.0.172
Description: The issue allows authenticated attackers to change restricted options due to the companion disable popup function only checking the...

CVSS 8.8 · AI score 8.5 · EPSS 0.0131
Exploits: 1 · References: 10

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-11849 · WordPress · Coming Soon & Maintenance Mode Page Plugin

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57
Description: The issue arises from confusing logic functions missing or having incorrect nonce validation, making it possible for unauthenticated...

CVSS 8.8 · AI score 8.7 · EPSS 0.00458
Exploits: 0 · References: 6

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12444 · WordPress · Ulisting

Name of the Vulnerable Software and Affected Versions: uListing plugin for WordPress versions up to, and including, 1.6.6
Description: The issue allows for authorization bypass via Ajax due to missing capability checks, missing input validation, and a missing security nonce in the stm update emai...

CVSS 9.8 · AI score 9.3 · EPSS 0.01134
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 5 views

PT-2023-12480 · WordPress · Frontend File Manager

Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to, and including, 18.2
Description: The issue arises from lacking authorization protections, checks against users editing other's posts, and a missing security nonce on the "wpfm edit fi...

CVSS 5.8 · AI score 5.3 · EPSS 0.00797
Exploits: 1 · References: 5

Positive Technologies
added 2023/06/07 12:0 a.m. · 7 views

PT-2023-12482 · WordPress · Wp Quick Frontend Editor

Name of the Vulnerable Software and Affected Versions: WP Quick FrontEnd Editor plugin for WordPress versions up to and including 5.5
Description: The issue is due to the lack of a security nonce and a capabilities check, allowing low-authenticated attackers to change plugin settings without prop...

CVSS 4.3 · AI score 4.6 · EPSS 0.00663
Exploits: 1 · References: 4

Positive Technologies
added 2023/06/07 12:0 a.m. · 6 views

PT-2023-11859 · WordPress · Kali Forms

Name of the Vulnerable Software and Affected Versions: Kali Forms plugin for WordPress versions up to, and including, 2.1.1
Description: The issue is due to incorrect nonce handling throughout the plugin's function, making it possible for unauthenticated attackers to access the plugin's...

CVSS 8.8 · AI score 8.5 · EPSS 0.00478
Exploits: 1 · References: 5