Lucene search
K

8801 matches found

CVE
CVE
added 2023/04/05 1:23 p.m.64 views

CVE-2023-1867

CVE-2023-1867 affects the YourChannel WordPress plugin (versions

5.4CVSS6.6AI score0.00302EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/04/05 1:23 p.m.24 views

CVE-2023-1866 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via...

5.4CVSS5.4AI score0.00296EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/04/05 1:23 p.m.12 views

CVE-2023-1866 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset

The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via...

5.4CVSS6.6AI score0.00296EPSS
Exploits0References3
CVE
CVE
added 2023/04/05 1:23 p.m.53 views

CVE-2023-1866

CVE-2023-1866 concerns the YourChannel WordPress plugin (

5.4CVSS6.6AI score0.00296EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.4 views

PT-2023-17295 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is due to missing or incorrect nonce validation on the clearKeys function, making it possible for unauthenticated attackers to reset the plugin's...

5.4CVSS5.3AI score0.00296EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.7 views

PT-2023-15922 · WordPress · Wcfm Marketplace

Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress versions up to and including 3.4.11 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying shipping method details, modifying products, and deleting arbitrar...

8.8CVSS8.9AI score0.00248EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.5 views

PT-2023-17300 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the deleteLang function. This allows unauthenticated attacke...

5.4CVSS5.3AI score0.00282EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.6 views

PT-2023-17296 · WordPress · Yourchannel

Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated attackers to...

5.4CVSS5.3AI score0.00302EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/04/05 12:0 a.m.7 views

PT-2023-15927 · WordPress · Wcfm Membership

Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.9.10 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying membership details, changing renewal information, controlling...

8.8CVSS8.8AI score0.00321EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2023/04/04 12:0 a.m.14 views

Comment Reply Notification <= 1.4 - Cross-Site Request Forgery

The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...

8.8CVSS6.8AI score0.00253EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/04/03 3:15 p.m.2 views

CVE-2023-1330

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...

6.5CVSS6.6AI score0.00344EPSS
Exploits2References1
NVD
NVD
added 2023/04/03 3:15 p.m.24 views

CVE-2023-1330

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...

6.5CVSS6.4AI score0.00344EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/04/03 2:38 p.m.10 views

CVE-2023-1330 Redirection < 1.1.4 - Redirect Creation via CSRF

The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...

6.4AI score0.00344EPSS
Exploits2References1
CVE
CVE
added 2023/04/03 2:38 p.m.66 views

CVE-2023-1330

CVE-2023-1330 affects the Redirection WordPress plugin, versions prior to 1.1.4. The root cause is missing nonce verification when adding redirects, enabling a CSRF attack to create redirects. The impact is the potential unauthorized modification of redirects (I/H/CVE)**.

6.5CVSS6.3AI score0.00344EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2023/04/03 12:0 a.m.11 views

WordPress plugin Redirection 跨站请求伪造漏洞

WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is a plugin used to completely uninstall WordPress. relevant is a relevant...

6.5CVSS6.3AI score0.00344EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2023/04/03 12:0 a.m.4 views

PT-2023-16900 · WordPress · Redirection

Name of the Vulnerable Software and Affected Versions: The Redirection WordPress plugin versions prior to 1.1.4 Description: The issue concerns a lack of nonce verification when adding redirects, which could allow attackers to add redirects via a CSRF attack. Recommendations: For versions prior t...

6.5CVSS7.1AI score0.00344EPSS
Exploits2References6
ATTACKERKB
ATTACKERKB
added 2023/03/29 11:15 a.m.7 views

CVE-2023-1509

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...

8.8CVSS6.5AI score0.00594EPSS
Exploits0References4
Prion
Prion
added 2023/03/29 11:15 a.m.16 views

Cross site request forgery (csrf)

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...

6.8CVSS8.7AI score0.00594EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/29 10:14 a.m.6 views

CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...

8.8CVSS7.9AI score0.00594EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/03/29 10:14 a.m.24 views

CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)

The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...

8.8CVSS9AI score0.00594EPSS
Exploits0References3
Rows per page
Query Builder