241 matches found

VulnCheck KEV
added 2024/09/19 12:0 a.m. · 6 views

VulnCheck KEV: CVE-2022-0885

The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments...

9.8 CVSS · 5.9 AI score · 0.09105 EPSS
Exploits 2 · References 1

Positive Technologies
added 2024/09/09 12:0 a.m. · 5 views

PT-2024-38901 · WordPress · Frontend Dashboard

Name of the Vulnerable Software and Affected Versions: Frontend Dashboard plugin for WordPress versions up to, and including, 2.2.4 Description: The issue is related to insufficient filtering on callable methods/functions via the ajax request function, allowing authenticated attackers with...

8.8 CVSS · 7 AI score · 0.00706 EPSS
Exploits 0 · References 14

OSV
added 2024/08/30 10:15 a.m. · 3 views

CVE-2024-7858

The Media Library Folders plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on several AJAX functions in the media-library-plus.php file in all versions up to, and including, 8.2.3. This makes it possible for authenticated attackers, with subscriber-level...

6.3 CVSS · 5.8 AI score · 0.00331 EPSS
Exploits 0 · References 3

Patchstack
added 2024/07/09 12:35 p.m. · 5 views

WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability

Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions <= 3.3.2...

4.3 CVSS · 7 AI score · 0.00198 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/15 12:0 a.m. · 5 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in the...

7.4 CVSS · 6.8 AI score · 0.00271 EPSS
Exploits 0 · References 3

Patchstack
added 2024/06/14 12:23 p.m. · 5 views

WordPress Popup Builder plugin <= 4.3.0 - Missing Authorization in Multiple AJAX Actions vulnerability

Missing Authorization in Multiple AJAX Actions vulnerability discovered by Alex Thomas in WordPress Plugin Popup Builder versions <= 4.3.0...

7.4 CVSS · 7 AI score · 0.00271 EPSS
Exploits 0 · References 1 · Affected Software 1

CNNVD
added 2024/06/12 12:0 a.m. · 4 views

WordPress plugin ARForms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...

6.3 CVSS · 6.7 AI score · 0.00358 EPSS
Exploits 2 · References 2

OSV
added 2024/06/08 6:15 a.m. · 4 views

CVE-2024-5087

The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the validateajax, deactivateajax, and saveajax functions in all versions up to, and including, 2.38. This makes it possible for authenticated...

5.4 CVSS · 5.8 AI score
Exploits 0 · References 9

CNNVD
added 2024/06/06 12:0 a.m. · 4 views

WordPress plugin The Moneytizer security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

8.1 CVSS · 6.8 AI score · 0.00196 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/06/05 12:0 a.m. · 7 views

PT-2024-15150 · WordPress · The Moneytizer

Name of the Vulnerable Software and Affected Versions: The Moneytizer plugin for WordPress versions up to, and including, 9.5.20 Description: The issue is due to missing or incorrect nonce validation on multiple AJAX functions, making it possible for unauthenticated attackers to update and retrie...

8.1 CVSS · 6.8 AI score · 0.00196 EPSS
Exploits 0 · References 9

Positive Technologies
added 2024/05/02 12:0 a.m. · 5 views

PT-2024-18325 · WordPress · Analytify – Google Analytics Dashboard For Wordpress

Name of the Vulnerable Software and Affected Versions: The Analytify – Google Analytics Dashboard For WordPress plugin for WordPress versions up to, and including, 5.2.3 Description: The issue allows authenticated attackers with subscriber access or higher to obtain certain sensitive information...

5.4 CVSS · 6.1 AI score · 0.00293 EPSS
Exploits 0 · References 5

CNNVD
added 2024/05/02 12:0 a.m. · 4 views

WordPress plugin Control Menu Visibility security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

4.3 CVSS · 6.3 AI score · 0.0056 EPSS
Exploits 0 · References 3

CNNVD
added 2024/05/02 12:0 a.m. · 5 views

WordPress plugin Advanced Post Block security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

5.3 CVSS · 6.4 AI score · 0.00516 EPSS
Exploits 0 · References 3

RedhatCVE
added 2024/05/01 5:23 p.m. · 30 views

CVE-2024-26958

A use-after-free flaw was found in fs/nfs/direct.c in the Linux kernel. This may lead to a crash...

5.5 CVSS · 7.8 AI score · 0.00244 EPSS
Exploits 0 · References 4

Cvelist
added 2024/05/01 5:19 a.m. · 21 views

CVE-2024-26958 nfs: fix UAF in direct writes

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

7.9 AI score · 0.00244 EPSS
Exploits 0 · References 8

CVE
added 2024/05/01 5:19 a.m. · 3886 views

CVE-2024-26958

CVE-2024-26958 is a Linux kernel vulnerability in the NFS direct write path that could cause use-after-free (refcount underflow) when completing nfs_direct_request twice in a row. A patch fixes the double-completion scenario; the CVSS 3.1 base score is 7.8 (High) with Local attack and High impact...

7.8 CVSS · 6.7 AI score · 0.00244 EPSS
Exploits 0 · References 10 · Affected Software 1

Debian CVE
added 2024/05/01 5:19 a.m. · 20 views

CVE-2024-26958

In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------ cut here ------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at lib/refcount.c:28...

7.8 CVSS · 7.7 AI score · 0.00244 EPSS
Exploits 0

OSV
added 2024/04/29 5:15 p.m. · 3 views

DEBIAN-CVE-2024-32491

An issue was discovered in Znuny and Znuny LTS 6.0.31 through 6.5.7 and Znuny 7.0.1 through 7.0.16 where a logged-in user can upload a file via a manipulated AJAX Request to an arbitrary writable location by traversing paths. Arbitrary code can be executed if this location is publicly available...

9.8 CVSS · 5.6 AI score · 0.00719 EPSS
Exploits 0 · References 1

CNNVD
added 2024/04/24 12:0 a.m. · 7 views

WordPress plugin WooCommerce Customers Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

6.5 CVSS · 8.7 AI score · 0.00319 EPSS
Exploits 2 · References 2

OSV
added 2024/02/12 4:15 p.m. · 4 views

CVE-2024-0421

The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts...

5.3 CVSS · 5.9 AI score · 0.00568 EPSS
Exploits 2 · References 1