Lucene search
K

90 matches found

Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.2 views

CVE-2023-2171 BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS6.1AI score0.00354EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/31 5:33 a.m.18 views

CVE-2023-2171 BadgeOS <= 3.7.1.6 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

The BadgeOS plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcodes in versions up to, and including, 3.7.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...

5.4CVSS5.2AI score0.00354EPSS
Exploits0References2
CVE
CVE
added 2023/08/31 5:33 a.m.39 views

CVE-2023-2171

The BadgeOS WordPress plugin vulnerability CVE-2023-2171 is a stored Cross-Site Scripting flaw in versions up to and including 3.7.1.6, caused by insufficient input sanitization and output escaping on shortcode attributes. It allows authenticated attackers with contributor-level and above permiss...

5.4CVSS5AI score0.00354EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.15 views

CVE-2023-2174 BadgeOS <= 3.7.1.6 - Missing Authorization in delete_badgeos_log_entries

The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the deletebadgeoslogentries function in versions up to, and including, 3.7.1.6. This makes it possible for authenticated attackers, with subscriber-level permissions and above,...

4.3CVSS6.6AI score0.00386EPSS
Exploits0References2
Cvelist
Cvelist
added 2023/08/31 5:33 a.m.21 views

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

4.3CVSS4.9AI score0.00515EPSS
Exploits0References5
CVE
CVE
added 2023/08/31 5:33 a.m.43 views

CVE-2023-2172

CVE-2023-2172 affects the BadgeOS WordPress plugin up to version 3.7.1.6. The issue arises from improper validation and authorization in four AJAX handlers (badgeos_update_steps_ajax_handler, badgeos_update_award_steps_ajax_handler, badgeos_update_deduct_steps_ajax_handler, badgeos_update_ranks_r...

4.3CVSS4.5AI score0.00515EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2023/08/31 5:33 a.m.46 views

CVE-2023-2174

The CVE-2023-2174 entry concerns the BadgeOS WordPress plugin. A missing capability check in the function delete_badgeos_log_entries allows authenticated users with subscriber-level permissions and above to modify the plugin’s data by deleting log entries. This affects BadgeOS versions up to and ...

4.3CVSS4.3AI score0.00386EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.16 views

CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite

The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...

4.3CVSS6.7AI score0.00515EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.5 views

PT-2023-18342 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue allows authenticated attackers with subscriber-level permissions and above to modify data by deleting the plugin's log entries due to a missing...

4.3CVSS5.3AI score0.00386EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.7 views

WordPress plugin BadgeOS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

4.3CVSS6.5AI score0.00515EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.4 views

WordPress plugin BadgeOS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.3CVSS6.4AI score0.00386EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.7 views

WordPress plugin BadgeOS 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

6.5CVSS6.5AI score0.00515EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.3 views

PT-2023-18341 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos delete step ajax handler, badgeos delete award step ajax handler, badgeos...

6.5CVSS5.4AI score0.00515EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.7 views

PT-2023-18338 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticated attacker...

5.4CVSS6.4AI score0.00354EPSS
Exploits0References5
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.5 views

WordPress plugin BadgeOS 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

5.4CVSS6.5AI score0.00354EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.8 views

PT-2023-18340 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos update steps ajax handler, badgeos update award steps ajax handler, badgeos...

4.3CVSS5.4AI score0.00515EPSS
Exploits0References8
Patchstack
Patchstack
added 2023/07/06 12:0 a.m.12 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2173 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 413cb9a5b860 Credits Alex Thomas Required...

6.5CVSS6.5AI score0.00515EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/07/06 12:0 a.m.15 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)

Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2172 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 56d76680559e Credits Alex Thomas Required...

4.3CVSS6.5AI score0.00515EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/07/06 12:0 a.m.10 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)

Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2171 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 965111d21cf9 Credits Alex Thomas Required privilege...

5.4CVSS5.8AI score0.00354EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2023/05/25 11:15 a.m.43 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS7.1AI score0.00246EPSS
Exploits0References1
Rows per page
Query Builder