Lucene search
K

8803 matches found

Vulnrichment
Vulnrichment
added 2023/04/06 7:56 p.m.13 views

CVE-2023-1921 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcstartcdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 7:56 p.m.16 views

CVE-2023-1921 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_start_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcstartcdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

4.3CVSS4.5AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 7:55 p.m.16 views

CVE-2023-1920 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpurgecachevarnishcallback function. This makes it possible for unauthenticated attackers to purge the...

4.3CVSS4.5AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/06 7:55 p.m.9 views

CVE-2023-1920 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_purgecache_varnish_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpurgecachevarnishcallback function. This makes it possible for unauthenticated attackers to purge the...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 7:55 p.m.24 views

CVE-2023-1919 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

4.3CVSS4.5AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/06 7:55 p.m.8 views

CVE-2023-1919 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_save_settings_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglesavesettingscallback function. This makes it possible for unauthenticated attackers to change...

4.3CVSS6.6AI score0.00227EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/04/06 7:54 p.m.10 views

CVE-2023-1918

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...

4.3CVSS4.2AI score0.00227EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/04/06 7:54 p.m.33 views

CVE-2023-1918 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_preload_single_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...

4.3CVSS4.5AI score0.00227EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.5 views

PT-2023-17345 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc clear cache of allsites callback function, making it possible for unauthenticated...

4.3CVSS5.2AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.6 views

PT-2023-17344 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc toolbar save settings callback function, making it possible for unauthenticated...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.4 views

PT-2023-17338 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc preload single callback function, making it possible for unauthenticated attackers t...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.6 views

PT-2023-17340 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc purgecache varnish callback function, making it possible for unauthenticated attackers to purge the varni...

4.3CVSS9.5AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.5 views

PT-2023-17346 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the deleteCacheToolbar function, making it possible for unauthenticated attackers to perform...

4.3CVSS5.4AI score0.00227EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/04/06 12:0 a.m.6 views

PT-2023-17343 · WordPress · Wp Fastest Cache

Name of the Vulnerable Software and Affected Versions: WP Fastest Cache plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the wpfc remove cdn integration ajax request callback function, making it possible for...

4.3CVSS5.3AI score0.00227EPSS
Exploits0References7
OSV
OSV
added 2023/04/05 7:15 p.m.4 views

CVE-2022-4941

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

8.8CVSS5.8AI score
Exploits0References3
NVD
NVD
added 2023/04/05 7:15 p.m.31 views

CVE-2022-4941

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

8.8CVSS6.7AI score0.00321EPSS
Exploits0References3
Prion
Prion
added 2023/04/05 7:15 p.m.16 views

Cross site request forgery (csrf)

The WCFM Membership plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.10 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying membership...

6.8CVSS8.3AI score0.00321EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/04/05 6:15 p.m.5 views

CVE-2022-4936

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...

8.8CVSS7.3AI score0.00248EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/04/05 6:15 p.m.3 views

CVE-2022-4938

The WCFM Frontend Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying...

8.8CVSS7.2AI score0.00248EPSS
Exploits0References3
NVD
NVD
added 2023/04/05 6:15 p.m.18 views

CVE-2022-4936

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...

8.8CVSS6.8AI score0.00248EPSS
Exploits0References2
Rows per page
Query Builder