Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:39 a.m.4 views

CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS4.3AI score0.00576EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.6 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS4.3AI score0.00308EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2023/02/15 12:0 a.m.6 views

The vulnerability of the ajax_save_state() function in the Wicked Folders plugin of the WordPress content management system allows a hacker to perform a CSRF attack.

The vulnerability of the ajaxsavestate function in the Wicked Folders plugin of the WordPress content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote location...

6.4CVSS6.3AI score0.00308EPSS
Exploits0References5Affected Software1
OSV
OSV
added 2023/02/08 2:15 a.m.5 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...

4.3CVSS6.3AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.5 views

CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS5.8AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.3 views

CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.20 views

WordPress plugin Wicked Folders 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Wicked Folders suffers from a...

5.4CVSS6.1AI score0.00308EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.5 views

PT-2023-16468 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save state function, allowing authenticated attackers with subscriber-level permissions and...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/07/02 12:0 a.m.8 views

PT-2022-6290 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax save state function. This allows unauthenticat...

6.4CVSS5.3AI score0.00308EPSS
Exploits0References9
Rows per page
Query Builder