8783 matches found

Vulnrichment
added 2023/02/06 6:9 p.m. · 11 views

CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

5.4 CVSS · 7.2 AI score · 0.00512 EPSS
Exploits 1 · References 2

Cvelist
added 2023/02/06 6:9 p.m. · 29 views

CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...

5.4 CVSS · 8.6 AI score · 0.00512 EPSS
Exploits 1 · References 2

CNNVD
added 2023/02/06 12:0 a.m. · 6 views

WordPress plugin 0mk Shortener cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

8.8 CVSS · 6.8 AI score · 0.00512 EPSS
Exploits 1 · References 3

VulnCheck KEV
added 2023/01/29 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-24278

In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...

7.5 CVSS · 7.1 AI score · 0.07359 EPSS
Exploits 2 · References 1

OSV
added 2023/01/27 10:15 p.m. · 3 views

CVE-2023-0557

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...

5.3 CVSS · 6 AI score · 0.00906 EPSS
Exploits 1 · References 3

ATTACKERKB
added 2023/01/27 10:15 p.m. · 2 views

CVE-2023-0557

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...

7.5 CVSS · 6.1 AI score · 0.00906 EPSS
Exploits 1 · References 4

NVD
added 2023/01/27 10:15 p.m. · 22 views

CVE-2023-0557

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...

7.5 CVSS · 7.4 AI score · 0.00906 EPSS
Exploits 1 · References 4

Prion
added 2023/01/27 10:15 p.m. · 15 views

Design/Logic Flaw

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...

5 CVSS · 5.2 AI score · 0.00906 EPSS
Exploits 1 · References 3 · Affected Software 1

ATTACKERKB
added 2023/01/27 9:15 p.m. · 3 views

CVE-2023-0554

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

7.6 CVSS · 5.8 AI score · 0.00368 EPSS
Exploits 1 · References 4

OSV
added 2023/01/27 9:15 p.m. · 4 views

CVE-2023-0554

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

4.3 CVSS · 5.7 AI score · 0.00368 EPSS
Exploits 1 · References 3

Prion
added 2023/01/27 9:15 p.m. · 18 views

Cross site request forgery (csrf)

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

4.3 CVSS · 4.5 AI score · 0.00368 EPSS
Exploits 1 · References 3 · Affected Software 1

Cvelist
added 2023/01/27 9:9 p.m. · 31 views

CVE-2023-0557 ContentStudio <= 1.2.5 - Information Exposure

The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...

7.5 CVSS · 7.6 AI score · 0.00906 EPSS
Exploits 1 · References 3

Vulnrichment
added 2023/01/27 8:28 p.m. · 11 views

CVE-2023-0554 Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery

The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...

8.1 CVSS · 5.8 AI score · 0.00368 EPSS
Exploits 1 · References 4

WPVulnDB
added 2023/01/27 12:0 a.m. · 17 views

ContentStudio < 1.2.6 - Nonce Disclosure

The plugin discloses sensitive information to unauthenticated users, such as a nonce used to create posts...

7.5 CVSS · 5.5 AI score · 0.00906 EPSS
Exploits 1 · Affected Software 1

Positive Technologies
added 2023/01/27 12:0 a.m. · 8 views

PT-2023-16358 · WordPress · Quick Restaurant Menu

Name of the Vulnerable Software and Affected Versions: Quick Restaurant Menu plugin for WordPress versions up to and including 2.0.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on AJAX actions. This allows unauthenticated attackers ...

7.6 CVSS · 4.7 AI score · 0.00368 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/01/27 12:0 a.m. · 6 views

PT-2023-16361 · WordPress · Contentstudio

Name of the Vulnerable Software and Affected Versions: ContentStudio plugin for WordPress versions up to and including 1.2.5 Description: The issue allows unauthenticated attackers to obtain a nonce needed for the creation of posts, potentially exposing sensitive information. Recommendations: For...

7.5 CVSS · 5.3 AI score · 0.00906 EPSS
Exploits 1 · References 6

VulnCheck KEV
added 2023/01/23 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2021-24918

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...

5.4 CVSS · 5.9 AI score · 0.00654 EPSS
Exploits 1 · References 1

Code423n4
added 2023/01/20 12:0 a.m. · 8 views

Unauthorized Access in _verifySignature function due to improper use of msg.sender.

Lines of code Vulnerability details Impact if unmaskedAddressComparisonofferer, msg.sender return; If an attacker is able to call this function and make the msg.sender match the offerer, they will bypass the signature verification check and may be able to execute the contract's functionality as i...

7.1 AI score
Exploits 0

Vulnrichment
added 2023/01/20 12:0 a.m. · 7 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...

5.9 AI score · 0.00389 EPSS
Exploits 1 · References 1

Cvelist
added 2023/01/20 12:0 a.m. · 25 views

CVE-2023-22912

An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated (aka re-used) nonce, allowing an adversary to decrypt...

5.6 AI score · 0.00389 EPSS
Exploits 1 · References 1