Lucene search

8782 matches found

wpexploit
added 2023/01/20 12:0 a.m. · 402 views

FL3R FeelBox <= 8.1 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 1. Visit a blog post and extract the nonce from the source search for "feelboxAjax", and extract the "token" curl -s...

CVSS 9.8 · AI score 9.6 · EPSS 0.0105
Exploits: 2

OSV
added 2023/01/19 3:15 p.m. · 2 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 · AI score 5.9
Exploits: 0 · References: 2

NVD
added 2023/01/19 3:15 p.m. · 33 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 · AI score 5.2 · EPSS 0.00374
Exploits: 2 · References: 3

Prion
added 2023/01/19 3:15 p.m. · 22 views

Cross site request forgery (csrf)

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.8 · AI score 5.2 · EPSS 0.00374
Exploits: 2 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/01/19 2:7 p.m. · 11 views

CVE-2023-0403 Social Warfare <= 4.3.1 - Cross-Site Request Forgery

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 · AI score 6 · EPSS 0.00374
Exploits: 2 · References: 2

Cvelist
added 2023/01/19 2:7 p.m. · 37 views

CVE-2023-0403 Social Warfare <= 4.3.1 - Cross-Site Request Forgery

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

CVSS 5.4 · AI score 5.5 · EPSS 0.00374
Exploits: 2 · References: 2

Positive Technologies
added 2023/01/19 12:0 a.m. · 10 views

PT-2023-16244 · WordPress · Social Warfare

Name of the Vulnerable Software and Affected Versions: Social Warfare plugin for WordPress versions up to, and including, 4.4.0. Description: The issue is due to missing or incorrect nonce validation on several AJAX actions, making it possible for unauthenticated attackers to delete post meta...

CVSS 5.4 · AI score 5.3 · EPSS 0.00374
Exploits: 2 · References: 5

NVD
added 2023/01/18 3:15 p.m. · 24 views

CVE-2023-0385

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

CVSS 4.3 · AI score 4.3 · EPSS 0.00319
Exploits: 0 · References: 3

OSV
added 2023/01/18 3:15 p.m. · 4 views

CVE-2023-0385

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

CVSS 4.3 · AI score 5.6 · EPSS 0.00319
Exploits: 0 · References: 2

Prion
added 2023/01/18 3:15 p.m. · 15 views

Cross site request forgery (csrf)

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

CVSS 4.3 · AI score 4.4 · EPSS 0.00319
Exploits: 0 · References: 2 · Affected Software: 1

Vulnrichment
added 2023/01/18 2:18 p.m. · 11 views

CVE-2023-0385 Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

CVSS 4.3 · AI score 5.8 · EPSS 0.00319
Exploits: 0 · References: 2

Cvelist
added 2023/01/18 2:18 p.m. · 27 views

CVE-2023-0385 Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery

The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...

CVSS 4.3 · AI score 4.6 · EPSS 0.00319
Exploits: 0 · References: 2

Positive Technologies
added 2023/01/18 12:0 a.m. · 5 views

PT-2023-16234 · WordPress · Custom 404 Pro

Name of the Vulnerable Software and Affected Versions: Custom 404 Pro plugin for WordPress versions up to, and including, 3.7.1. Description: The issue is due to missing or incorrect nonce validation on the custom 404 pro admin init function, making it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 4.5 · EPSS 0.00319
Exploits: 0 · References: 7

CNNVD
added 2023/01/18 12:0 a.m. · 4 views

WordPress plugin Custom 404 Pro cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 4.8 · EPSS 0.00319
Exploits: 0 · References: 3

Code423n4
added 2023/01/17 12:0 a.m. · 10 views

KYC signature can be reused to regain KYC status

Vulnerability details: The function addKYCAddressViaSignature of the KYCRegistry contract allows a user to be granted a KYC status using a signature provided by Ondo. The function validates that the signer has the corresponding role for the requirement group and adds the user to the...

AI score 6.7
Exploits: 0

wpexploit
added 2023/01/16 12:0 a.m. · 136 views

Stream < 3.9.2 - Subscriber+ Alert Creation

The plugin does not prevent low-privileged users on the site, such as subscribers, from using its alert creation functionality, which may enable them to leak sensitive information. Step 1: Log in as a subscriber. Step 2: Get a nonce from...

CVSS 6.5 · AI score 6.3 · EPSS 0.0091
Exploits: 2

Code423n4
added 2023/01/16 12:0 a.m. · 15 views

Signature Replay no nonce

Vulnerability details: Impact: There is a signature replay vulnerability. That means that the signature can be reused in the same contract by anyone calling. The vulnerability lies in the fact that there is no nonce specified for every caller. This means that you can take a...

AI score 6.7
Exploits: 0

Openbugbounty
added 2023/01/15 5:10 a.m. · 13 views

sec.custhelp.com Open Redirect vulnerability OBB-3151771

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 0.1
Exploits: 0

ATTACKERKB
added 2023/01/13 8:15 p.m. · 4 views

CVE-2023-0294

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image...

CVSS 8.8 · AI score 5.8 · EPSS 0.00369
Exploits: 0 · References: 3

OSV
added 2023/01/13 8:15 p.m. · 4 views

CVE-2023-0294

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image...

CVSS 4.3 · AI score 5.6 · EPSS 0.00369
Exploits: 0 · References: 2