Lucene search
K

8782 matches found

ATTACKERKB
ATTACKERKB
added 2023/02/07 11:15 p.m.1 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS5.8AI score0.00322EPSS
Exploits0References4
NVD
NVD
added 2023/02/07 11:15 p.m.26 views

CVE-2023-0723

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxmoveobject function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.2AI score0.00322EPSS
Exploits0References4
OSV
OSV
added 2023/02/07 11:15 p.m.6 views

CVE-2023-0730

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolderorder function. This makes it possible for unauthenticated attackers to invoke this function via...

4.3CVSS5.7AI score0.00322EPSS
Exploits0References3
Prion
Prion
added 2023/02/07 11:15 p.m.24 views

Cross site request forgery (csrf)

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolderorder function. This makes it possible for unauthenticated attackers to invoke this function via...

4.3CVSS4.4AI score0.00322EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/02/07 11:15 p.m.16 views

Cross site request forgery (csrf)

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxmoveobject function. This makes it possible for unauthenticated attackers to invoke this function via forg...

4.3CVSS4.4AI score0.00322EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/07 10:57 p.m.9 views

CVE-2023-0723 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxmoveobject function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS6.5AI score0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/07 10:50 p.m.14 views

CVE-2023-0730 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_folder_order

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolderorder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS6.5AI score0.00322EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/07 10:49 p.m.21 views

CVE-2023-0727 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS5.5AI score0.00322EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/07 10:49 p.m.10 views

CVE-2023-0727 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_delete_folder

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS6.5AI score0.00322EPSS
Exploits0References3
OSV
OSV
added 2023/02/07 10:15 p.m.6 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

4.3CVSS5.7AI score0.00314EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/07 10:15 p.m.2 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.8AI score0.00314EPSS
Exploits0References4
NVD
NVD
added 2023/02/07 10:15 p.m.29 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.2AI score0.00314EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/07 9:5 p.m.11 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS5.2AI score0.00314EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.8 views

PT-2023-16484 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax save folder order function, making it possible for unauthenticated attackers to invo...

5.4CVSS5.4AI score0.00322EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.9 views

PT-2023-16482 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax save folder function, making it possible for unauthenticated attackers to invoke thi...

5.4CVSS5.5AI score0.00314EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.6 views

PT-2023-16478 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax move object function, making it possible for unauthenticated attackers to invoke thi...

5.4CVSS5.5AI score0.00322EPSS
Exploits0References7
NVD
NVD
added 2023/02/06 7:15 p.m.20 views

CVE-2022-2933

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

8.8CVSS8.5AI score0.00512EPSS
Exploits1References3
OSV
OSV
added 2023/02/06 7:15 p.m.4 views

CVE-2022-2933

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

8.8CVSS5.6AI score0.00512EPSS
Exploits1References2
ATTACKERKB
ATTACKERKB
added 2023/02/06 7:15 p.m.3 views

CVE-2022-2933

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

8.8CVSS5.8AI score0.00512EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/02/06 6:9 p.m.11 views

CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

5.4CVSS7.2AI score0.00512EPSS
Exploits1References2
Rows per page
Query Builder