Lucene search
+L

90 matches found

osv
osv
added 2023/05/25 11:15 a.m.5 views

CVE-2022-41987

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

8.8CVSS5.8AI score0.00246EPSS
Exploits0References1
prion
prion
added 2023/05/25 11:15 a.m.16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

6.8CVSS8.7AI score0.00246EPSS
Exploits0References1Affected Software1
cve
cve
added 2023/05/25 10:13 a.m.55 views

CVE-2022-41987

CVE-2022-41987: A Cross-Site Request Forgery (CSRF) vulnerability in the LearningTimes BadgeOS WordPress plugin is present in versions

8.8CVSS7.5AI score0.00246EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/05/25 10:13 a.m.8 views

CVE-2022-41987 WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

6.3CVSS7AI score0.00246EPSS
Exploits0References1
cvelist
cvelist
added 2023/05/25 10:13 a.m.39 views

CVE-2022-41987 WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...

6.3CVSS9AI score0.00246EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2023/05/25 12:0 a.m.9 views

PT-2023-14055 · Learningtimes · Badgeos

Name of the Vulnerable Software and Affected Versions: LearningTimes BadgeOS plugin versions = 3.7.1.6 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web applicatio...

8.8CVSS8.9AI score0.00246EPSS
Exploits0References3
cnnvd
cnnvd
added 2023/05/25 12:0 a.m.19 views

WordPress plugin BadgeOS 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.1AI score0.00246EPSS
Exploits0References2
patchstack
patchstack
added 2023/04/18 12:0 a.m.14 views

WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-41987 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID ece317dfb61e Credits István Márton Required...

8.8CVSS7AI score0.00246EPSS
Exploits0References1Affected Software1
wpvulndb
wpvulndb
added 2023/04/18 12:0 a.m.19 views

BadgeOS <= 3.7.1.6 - CSRF

The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.7AI score0.00246EPSS
Exploits0Affected Software1
osv
osv
added 2022/09/19 2:15 p.m.4 views

CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.8CVSS5.8AI score0.00994EPSS
Exploits2References1
nvd
nvd
added 2022/09/19 2:15 p.m.30 views

CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.8CVSS0.00994EPSS
Exploits2References1
attackerkb
attackerkb
added 2022/09/19 2:15 p.m.4 views

CVE-2022-2958

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.8CVSS5.9AI score0.00994EPSS
Exploits2References2
prion
prion
added 2022/09/19 2:15 p.m.16 views

Sql injection

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

6.5CVSS8.7AI score0.00994EPSS
Exploits2References1Affected Software1
cvelist
cvelist
added 2022/09/19 2:1 p.m.30 views

CVE-2022-2958 BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...

8.9AI score0.00994EPSS
Exploits2References1
cve
cve
added 2022/09/19 2:1 p.m.71 views

CVE-2022-2958

The CVE-2022-2958 entry concerns the BadgeOS WordPress plugin before 3.7.1.3. The issue is that parameters are not properly sanitised/escaped before being used in SQL statements via AJAX actions that are accessible to any authenticated user, enabling SQL injection. Affected component: BadgeOS Wor...

8.8CVSS8.8AI score0.00994EPSS
In wildExploits2References1Affected Software1
cnnvd
cnnvd
added 2022/09/19 12:0 a.m.5 views

WordPress plugin BadgeOS SQL注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...

8.8CVSS8AI score0.00994EPSS
Exploits2References2
ptsecurity
ptsecurity
added 2022/09/19 12:0 a.m.7 views

PT-2022-19704 · WordPress · Badgeos

Name of the Vulnerable Software and Affected Versions: BadgeOS WordPress plugin versions prior to 3.7.1.3 Description: The issue concerns the BadgeOS WordPress plugin, which does not properly sanitise and escape parameters before using them in SQL statements via AJAX actions. This can lead to SQL...

8.8CVSS8.7AI score0.00994EPSS
Exploits2References4
wpvulndb
wpvulndb
added 2022/08/23 12:0 a.m.19 views

BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections PoC Open the following URL as any authenticated user such as subscriber:...

8.8CVSS1.5AI score0.00994EPSS
Exploits2Affected Software1
patchstack
patchstack
added 2022/08/23 12:0 a.m.33 views

WordPress BadgeOS plugin <= 3.7.1.2 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress BadgeOS plugin versions = 3.7.1.2. Solution Update the WordPress BadgeOS plugin to the latest available version at least 3.7.1.3...

8.8CVSS3AI score0.00994EPSS
Exploits2References1Affected Software1
wpexploit
wpexploit
added 2022/08/23 12:0 a.m.700 views

BadgeOS < 3.7.1.3 - Subscriber+ SQLi

The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections Open the following URL as any authenticated user such as subscriber:...

8.8CVSS0.8AI score0.00994EPSS
Exploits2
Rows per page
Query Builder