10 matches found
CVE-2023-0711
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0722
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...
The vulnerability of the ajax_save_state() function in the Wicked Folders plugin of the WordPress content management system allows a hacker to perform a CSRF attack.
The vulnerability of the ajaxsavestate function in the Wicked Folders plugin of the WordPress content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote location...
CVE-2023-0722
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2023-0722
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2023-0711
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0711
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavestate function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
WordPress plugin Wicked Folders 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. The WordPress plugin Wicked Folders suffers from a...
PT-2023-16468 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save state function, allowing authenticated attackers with subscriber-level permissions and...
PT-2022-6290 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax save state function. This allows unauthenticat...