Lucene search
K

8794 matches found

CVE
CVE
added 2023/02/28 12:55 p.m.54 views

CVE-2023-1026

Summary: CVE-2023-1026 affects the WP Meta SEO WordPress plugin (versions up to 4.5.3). The root cause is a missing capability check in the listPostsCategory function, causing unauthorized data access. The vulnerability arises because nonce-based access control was relied upon and the nonce was a...

4.3CVSS5.2AI score0.00576EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2023/02/28 12:55 p.m.23 views

CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS4.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:55 p.m.8 views

CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS6.6AI score0.00576EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:54 p.m.12 views

CVE-2023-1027

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...

4.3CVSS4.3AI score0.00486EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:53 p.m.9 views

CVE-2023-1028 WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'setIgnore'

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS6.6AI score0.00316EPSS
Exploits0References3
CVE
CVE
added 2023/02/28 12:53 p.m.69 views

CVE-2023-1028

CVE-2023-1028: WP Meta SEO plugin for WordPress (versions

4.3CVSS5.2AI score0.00316EPSS
Exploits0References4Affected Software1
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.9 views

PT-2023-16695 · WordPress · Wp Meta Seo

Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue allows authenticated attackers with subscriber-level access to update plugin settings without proper authorization. This is due to a missing capabili...

5.4CVSS5.3AI score0.00538EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.6 views

PT-2023-16700 · WordPress · Wp Meta Seo

Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the setIgnore function. This allows unauthenticated attacker...

4.3CVSS5.3AI score0.00316EPSS
Exploits0References8
NVD
NVD
added 2023/02/27 2:15 p.m.10 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS4.2AI score0.00296EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/27 2:15 p.m.4 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.5AI score0.00296EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/02/27 2:15 p.m.3 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.3AI score0.00296EPSS
Exploits0References2
Prion
Prion
added 2023/02/27 2:15 p.m.16 views

Cross site request forgery (csrf)

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS4.3AI score0.00296EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/27 1:29 p.m.17 views

CVE-2023-1068 Download Read More Excerpt Link <= 1.6.0 - Cross-Site Request Forgery to Settings Update

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS4.6AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/27 1:29 p.m.7 views

CVE-2023-1068

The Download Read More Excerpt Link plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the readmoreexcerptlinkmenuoptions function. This makes it possible for unauthenticated attackers t...

4.3CVSS4.3AI score0.00296EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/02/27 12:0 a.m.4 views

WordPress Plugin Download Read More Excerpt Link 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.2AI score0.00296EPSS
Exploits0References3
OSV
OSV
added 2023/02/24 8:15 p.m.5 views

CVE-2023-1029

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forg...

4.3CVSS6.5AI score0.00296EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/02/24 8:15 p.m.1 views

CVE-2023-1029

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forg...

4.3CVSS6.6AI score0.00296EPSS
Exploits0References3
Prion
Prion
added 2023/02/24 8:15 p.m.21 views

Cross site request forgery (csrf)

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forg...

4.3CVSS4.3AI score0.00296EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/02/24 7:25 p.m.31 views

CVE-2023-1029 WP Meta SEO <= 4.5.3 - Cross-Site Request Forgery via 'regenerateSitemaps'

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forg...

4.3CVSS4.6AI score0.00296EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2023/02/24 7:25 p.m.10 views

CVE-2023-1029

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the regenerateSitemaps function. This makes it possible for unauthenticated attackers to regenerate Sitemaps via a forg...

4.3CVSS4.3AI score0.00296EPSS
Exploits0References2
Rows per page
Query Builder