Lucene search
+L

177 matches found

WPVulnDB
WPVulnDB
added 2024/02/06 12:0 a.m.27 views

Total Upkeep < 1.15.9 - Improper Authorization to Unauthenticated Arbitrary File Download

Description The Total Upkeep – WordPress Backup Plugin plus Restore & Migrate by BoldGrid plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check in all versions up to, and including, 1.15.8. This makes it possible for unauthenticated attackers to...

5CVSS7.1AI score0.00658EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/10/09 12:0 a.m.13 views

Post and Page Builder by BoldGrid < 1.24.2 - Editor Settings Update via CSRF

Description The plugin does not have CSRF check when updating the plugin's preferred editor settings, which could allow attackers to make logged in admin perform such action via a CSRF attack...

8.8CVSS6.9AI score0.00214EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/10/06 1:15 p.m.3 views

CVE-2023-25480

Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References1
NVD
NVD
added 2023/10/06 1:15 p.m.25 views

CVE-2023-25480

Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...

8.8CVSS5.8AI score0.00214EPSS
Exploits0References1
Prion
Prion
added 2023/10/06 1:15 p.m.21 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...

6.8CVSS8.8AI score0.00214EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2023/10/06 12:41 p.m.69 views

CVE-2023-25480

CVE-2023-25480 describes a Cross-Site Request Forgery (CSRF) vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor for WordPress. The issue affects versions = 1.24.2. Reported impact categories in the sources include potential unauthorized actions performed on ...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2023/10/06 12:41 p.m.35 views

CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...

4.3CVSS9AI score0.00214EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/10/06 12:41 p.m.11 views

CVE-2023-25480 WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin = 1.24.1 versions...

4.3CVSS7.4AI score0.00214EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/10/06 12:0 a.m.6 views

PT-2023-20099 · Boldgrid · Post/Page Builder By Boldgrid

Name of the Vulnerable Software and Affected Versions: BoldGrid Post and Page Builder by BoldGrid – Visual Drag and Drop Editor plugin versions = 1.24.1 Description: A Cross-Site Request Forgery CSRF issue affects the plugin, allowing unauthorized actions to be performed on behalf of the user...

8.8CVSS7.6AI score0.00214EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/10/06 12:0 a.m.5 views

WordPress Plugin Post and Page Builder by BoldGrid - Visual Drag and Drop Editor Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Post and Page Builder...

8.8CVSS6.5AI score0.00214EPSS
Exploits0References2
Patchstack
Patchstack
added 2023/08/22 12:0 a.m.23 views

WordPress Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Plugin <= 1.24.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post and Page Builder by BoldGrid – Visual Drag and Drop Editor Type Plugin Vulnerable versions = 1.24.1 Fixed in 1.24.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-25480 Patch priority Low CVSS severity Low 4.3 Developer Claim...

8.8CVSS6.6AI score0.00214EPSS
Exploits0References2Affected Software1
Metasploit
Metasploit
added 2021/01/06 5:41 p.m.93 views

WordPress Total Upkeep Unauthenticated Backup Downloader

This module exploits an unauthenticated database backup vulnerability in WordPress plugin 'Boldgrid-Backup' also known as 'Total Upkeep' version use auxiliary/scanner/http/wptotalupkeepdownloader msf auxiliarywptotalupkeepdownloader show actions ...actions... msf auxiliarywptotalupkeepdownloader...

7.5CVSS6.9AI score0.01095EPSS
Exploits2
Packet Storm
Packet Storm
added 2020/12/14 12:0 a.m.403 views

WordPress Total Upkeep 1.14.9 Backup Disclosure

Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...

7.4AI score
Exploits0
wpexploit
wpexploit
added 2020/12/14 12:0 a.m.83 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the backup...

0.8AI score
Exploits0References1
WPVulnDB
WPVulnDB
added 2020/12/14 12:0 a.m.13 views

Total Upkeep by BoldGrid < 1.14.10 - Unauthenticated Backup Download

The plugin does not restrict access to a file containing sensitive information, such as the internal path of backups, which may then allow unauthenticated users to download them. PoC The filepath in /wp-content/plugins/boldgrid-backup/cron/restore-info.json will reveal the internal path of the...

2.9AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2020/12/14 12:0 a.m.51 views

Total Upkeep by BoldGrid < 1.14.10 - Sensitive Data Disclosure (Server IP Address, UID etc)

The plugin does not restrict access to a file containing sensitive information, such as the real server IP address, UID and so on, which may help attackers in further attacks. GET /wp-content/plugins/boldgrid-backup/cli/env-info.php ..., "phpuname":"Linux wordpress-server X.X.X-XX-generic XX-Ubun...

1.3AI score
Exploits0References1
Exploit DB
Exploit DB
added 2020/12/14 12:0 a.m.862 views

WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download

Exploit Title: WordPress Plugin Total Upkeep 1.14.9 - Database and Files Backup Download Google Dork: intitle:"Index of" AND "wp-content/plugins/boldgrid-backup/=" Date: 2020-12-12 Exploit Author: Wadeek Vendor Homepage: https://www.boldgrid.com/ Software Link:...

7.4AI score
Exploits0
Rows per page
Query Builder