
8806 matches found

Prion
added 2023/06/03 5:15 a.m. · 17 views

Cross site request forgery (csrf)

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.2. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

4.3 CVSS · 6.1 AI score · 0.00335 EPSS
Exploits: 2 · References: 3 · Affected Software: 1
Vulnrichment
added 2023/06/03 4:35 a.m. · 16 views

CVE-2023-2301 Contact Form Builder by vcita <= 4.10.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form Builder by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.3. This is due to missing nonce validation on the lsparsevcitacallback function. This makes it possible for unauthenticated attackers to modify the plugin's...

6.1 CVSS · 6.7 AI score · 0.00295 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2023/06/03 4:35 a.m. · 8 views

CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.1 CVSS · 6.7 AI score · 0.00419 EPSS
Exploits: 2 · References: 5
Vulnrichment
added 2023/06/03 4:35 a.m. · 20 views

CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...

6.1 CVSS · 6.7 AI score · 0.00293 EPSS
Exploits: 1 · References: 4
Cvelist
added 2023/06/03 4:35 a.m. · 44 views

CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.1 CVSS · 6.3 AI score · 0.00419 EPSS
Exploits: 2 · References: 5
Cvelist
added 2023/06/03 4:35 a.m. · 34 views

CVE-2023-2303 Contact Form and Calls To Action by vcita <= 4.10.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the...

6.1 CVSS · 6.1 AI score · 0.00293 EPSS
Exploits: 1 · References: 4
Vulnrichment
added 2023/06/03 4:35 a.m. · 16 views

CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

6.1 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits: 2 · References: 4
Cvelist
added 2023/06/03 4:35 a.m. · 51 views

CVE-2023-2405 CRM and Lead Management by vcita <= 2.7.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settin...

6.1 CVSS · 6.3 AI score · 0.00335 EPSS
Exploits: 2 · References: 4
OSV
added 2023/06/03 12:15 a.m. · 5 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

4.3 CVSS · 6.5 AI score · 0.00208 EPSS
Exploits: 0 · References: 2
OSV
added 2023/06/03 12:15 a.m. · 6 views

CVE-2023-3052

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...

8.8 CVSS · 5.7 AI score · 0.00317 EPSS
Exploits: 0 · References: 6
NVD
added 2023/06/03 12:15 a.m. · 22 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

6.1 CVSS · 5.9 AI score · 0.00208 EPSS
Exploits: 0 · References: 2
Prion
added 2023/06/03 12:15 a.m. · 17 views

Cross site request forgery (csrf)

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...

6.8 CVSS · 8.2 AI score · 0.00317 EPSS
Exploits: 0 · References: 6 · Affected Software: 1
Positive Technologies
added 2023/06/03 12:0 a.m. · 9 views

PT-2023-19377 · Vcita · Crm/Lead Management By Vcita

Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to modify th...

6.5 CVSS · 6.8 AI score · 0.00335 EPSS
Exploits: 2 · References: 7
Positive Technologies
added 2023/06/03 12:0 a.m. · 6 views

PT-2023-19387 · Vcita · The Event Registration Calendar By Vcita

Name of the Vulnerable Software and Affected Versions: The Event Registration Calendar By vcita plugin versions up to and including 3.9.1 Online Payments – Get Paid with PayPal, Square & Stripe plugin for WordPress affected versions not specified Description: The issue is due to missing nonce...

6.5 CVSS · 6.7 AI score · 0.00419 EPSS
Exploits: 2 · References: 8
Positive Technologies
added 2023/06/03 12:0 a.m. · 6 views

PT-2023-18816 · Vcita · Contact Form Builder By Vcita

Name of the Vulnerable Software and Affected Versions: Contact Form Builder by vcita plugin for WordPress versions up to, and including, 4.9.1 Description: The issue is due to missing nonce validation on the ls parse vcita callback function, making it possible for unauthenticated attackers to...

6.1 CVSS · 6.5 AI score · 0.00295 EPSS
Exploits: 1 · References: 8
CNNVD
added 2023/06/03 12:0 a.m. · 5 views

WordPress Plugin Page Builder Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin Page Build...

6.1 CVSS · 6.2 AI score · 0.00208 EPSS
Exploits: 0 · References: 3
Positive Technologies
added 2023/06/03 12:0 a.m. · 8 views

PT-2023-18825 · Vcita · Contact Form/Calls To Action

Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to...

6.1 CVSS · 6.5 AI score · 0.00293 EPSS
Exploits: 1 · References: 9
Positive Technologies
added 2023/06/03 12:0 a.m. · 8 views

PT-2023-19447 · Vcita · Online Booking & Scheduling Calendar For Wordpress

Name of the Vulnerable Software and Affected Versions: The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress versions up to, and including, 4.2.10 Description: The issue is related to a missing nonce check on the vcita logout callback function, which makes it possib...

6.5 CVSS · 6.7 AI score · 0.00394 EPSS
Exploits: 2 · References: 9
Vulnrichment
added 2023/06/02 11:37 p.m. · 15 views

CVE-2023-3052

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...

6.3 CVSS · 6.7 AI score · 0.00317 EPSS
Exploits: 0 · References: 6
Cvelist
added 2023/06/02 11:37 p.m. · 26 views

CVE-2023-3052 Page Builder by AZEXO <= 1.27.133 - Cross-Site Request Forgery to Post Creation/Modification/Deletion

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhaddpost', 'azhduplicatepost', 'azhupdatepost' and 'azhremovepost' functions. This makes it possibl...

6.3 CVSS · 8.5 AI score · 0.00317 EPSS
Exploits: 0 · References: 6