
8792 matches found

Positive Technologies
added 2023/03/10 12:0 a.m. · 6 views

PT-2023-16910 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is due to missing or incorrect nonce validation on the ajax deactivate function, making it possible for unauthenticated...

4.3 CVSS · 5.3 AI score · 0.00307 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/03/10 12:0 a.m. · 8 views

PT-2023-16911 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ucss connect function. This allow...

4.3 CVSS · 5.2 AI score · 0.00307 EPSS
Exploits 0 · References 6
Positive Technologies
added 2023/03/10 12:0 a.m. · 4 views

PT-2023-16912 · WordPress · Rapidload Power-Up For Autoptimize

Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is due to missing or incorrect nonce validation on the attach rule function, making it possible for unauthenticated attackers ...

4.3 CVSS · 5.3 AI score · 0.00307 EPSS
Exploits 0 · References 6
CNNVD
added 2023/03/10 12:0 a.m. · 5 views

WordPress plugin RapidLoad Power-Up for Autoptimize Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...

4.3 CVSS · 6.2 AI score · 0.00307 EPSS
Exploits 0 · References 3
CNNVD
added 2023/03/10 12:0 a.m. · 5 views

WordPress plugin RapidLoad Power-Up for Autoptimize Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

4.3 CVSS · 6.2 AI score · 0.00307 EPSS
Exploits 0 · References 3
CNNVD
added 2023/03/10 12:0 a.m. · 6 views

WordPress plugin RapidLoad Power-Up for Autoptimize Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...

4.3 CVSS · 6.2 AI score · 0.00315 EPSS
Exploits 0 · References 3
OpenVAS
added 2023/03/10 12:0 a.m. · 10 views

WordPress WP Statistics Plugin < 13.1.2 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:veronalabs:wpstatistics"; ifdescription...

6.5 CVSS · 6.6 AI score · 0.00375 EPSS
Exploits 0 · References 1
OpenVAS
added 2023/03/09 12:0 a.m. · 11 views

WordPress WPCode - Insert Headers and Footers Plugin < 2.0.7 Improper Authorization Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpcode:wpcode"; ifdescription...

4.3 CVSS · 4.7 AI score · 0.00801 EPSS
Exploits 2 · References 1
OSV
added 2023/03/07 3:15 p.m. · 4 views

CVE-2021-4333

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5 CVSS · 5.7 AI score · 0.00375 EPSS
Exploits 0 · References 2
NVD
added 2023/03/07 3:15 p.m. · 13 views

CVE-2021-4333

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5 CVSS · 6.2 AI score · 0.00375 EPSS
Exploits 0 · References 3
Prion
added 2023/03/07 3:15 p.m. · 16 views

Cross site request forgery (csrf)

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

4.3 CVSS · 6.2 AI score · 0.00375 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2023/03/07 2:53 p.m. · 25 views

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5 CVSS · 6.3 AI score · 0.00375 EPSS
Exploits 0 · References 2
Vulnrichment
added 2023/03/07 2:53 p.m. · 10 views

CVE-2021-4333 WP Statistics <= 13.1.1 - Cross-Site Request Forgery to Arbitrary Plugin Activation and Deactivation

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5 CVSS · 6.7 AI score · 0.00375 EPSS
Exploits 0 · References 2
NVD
added 2023/03/07 2:15 p.m. · 15 views

CVE-2020-36669

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup function. This makes it possible for unauthenticated attackers to upload...

8.8 CVSS · 8.5 AI score · 0.00408 EPSS
Exploits 0 · References 3
OSV
added 2023/03/07 2:15 p.m. · 3 views

CVE-2020-36669

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup function. This makes it possible for unauthenticated attackers to upload...

8.8 CVSS · 5.9 AI score · 0.00408 EPSS
Exploits 0 · References 2
Prion
added 2023/03/07 2:15 p.m. · 20 views

Cross site request forgery (csrf)

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup function. This makes it possible for unauthenticated attackers to upload...

6.8 CVSS · 8.4 AI score · 0.00408 EPSS
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2023/03/07 1:33 p.m. · 11 views

CVE-2020-36669

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup function. This makes it possible for unauthenticated attackers to upload...

8.8 CVSS · 8.5 AI score · 0.00408 EPSS
Exploits 0 · References 2
Cvelist
added 2023/03/07 1:33 p.m. · 22 views

CVE-2020-36669 JetBackup – WP Backup, Migrate & Restore <= 1.3.9 - Cross-Site Request Forgery to Arbitrary File Upload

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup function. This makes it possible for unauthenticated attackers to upload...

8.8 CVSS · 8.5 AI score · 0.00408 EPSS
Exploits 0 · References 2
Positive Technologies
added 2023/03/07 12:0 a.m. · 4 views

PT-2023-11836 · WordPress · Jetbackup

Name of the Vulnerable Software and Affected Versions: JetBackup – WP Backup, Migrate & Restore plugin for WordPress versions up to, and including 1.3.9 Description: The issue is due to missing nonce validation on the backup guard get import backup function, making it possible for unauthenticated...

8.8 CVSS · 8.7 AI score · 0.00408 EPSS
Exploits 0 · References 7
WPVulnDB
added 2023/03/06 12:0 a.m. · 25 views

WP Statistics < 14.0 - Authenticated SQLi

The plugin does not escape a parameter, which could allow authenticated users to perform SQL Injection attacks. By default, the affected feature is available to users with the manage_options capability (admin+); however, the plugin has a setting to allow low-privilege users to access it as well. PoC...

8.8 CVSS · 8.9 AI score · 0.00898 EPSS
Exploits 2 · Affected Software 1