
1836 matches found

NVD
added 2022/06/13 1:15 p.m., 18 views

CVE-2022-1793

The Private Files WordPress plugin through 0.40 is missing a CSRF check when disabling the protection, which could allow attackers to make a logged-in admin perform that action via a CSRF attack and make the blog public...

CVSS 4.3, EPSS 0.00412
Exploits: 2, References: 1
NVD
added 2022/06/13 1:15 p.m., 24 views

CVE-2022-1758

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, leading to Stored XSS as well as RCE when custom code is added via the plugin settings...

CVSS 8.8, EPSS 0.00597
Exploits: 2, References: 1
NVD
added 2022/06/13 1:15 p.m., 14 views

CVE-2022-1790

The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 6.5, EPSS 0.00513
Exploits: 2, References: 1
NVD
added 2022/06/13 1:15 p.m., 24 views

CVE-2022-1605

The Email Users WordPress plugin through 4.8.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and change the notification settings of arbitrary users...

CVSS 6.5, EPSS 0.00513
Exploits: 2, References: 1
ATTACKERKB
added 2022/06/13 1:15 p.m., 3 views

CVE-2022-1594

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL...

CVSS 4.3, AI score 5.8, EPSS 0.00412
Exploits: 2, References: 2
NVD
added 2022/06/13 1:15 p.m., 14 views

CVE-2022-1624

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 6.5, EPSS 0.00513
Exploits: 2, References: 1
Prion
added 2022/06/13 1:15 p.m., 15 views

Cross-site request forgery (CSRF)

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3, AI score 6.3, EPSS 0.00513
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/06/13 1:15 p.m., 21 views

Cross-site request forgery (CSRF)

The New User Email Set Up WordPress plugin through 0.5.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3, AI score 6.3, EPSS 0.00513
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/06/13 1:15 p.m., 19 views

Cross-site request forgery (CSRF)

The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL...

CVSS 4.3, AI score 4.5, EPSS 0.00412
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2022/06/13 12:42 p.m., 18 views

CVE-2022-1781 postTabs <= 2.10.6 - Arbitrary Settings Update via CSRF to Stored XSS

The postTabs WordPress plugin through 2.10.6 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...

AI score 5.5, EPSS 0.00292
Exploits: 2, References: 1
Cvelist
added 2022/06/13 12:42 p.m., 21 views

CVE-2022-1605 Email Users <= 4.8.8 - Arbitrary Settings Update via CSRF

The Email Users WordPress plugin through 4.8.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and change the notification settings of arbitrary users...

AI score 6.6, EPSS 0.00513
Exploits: 2, References: 1
NVD
added 2022/06/08 10:15 a.m., 16 views

CVE-2022-1709

The Throws SPAM Away WordPress plugin before 3.3.1 does not have CSRF checks in place when deleting comments (all, spam, or pending), allowing attackers to make a logged-in admin delete comments via a CSRF attack...

CVSS 4.3, EPSS 0.00412
Exploits: 2, References: 1
Prion
added 2022/06/08 10:15 a.m., 15 views

Cross-site request forgery (CSRF)

The WP Simple Adsense Insertion WordPress plugin before 2.1 does not perform CSRF checks on updates to its admin page, allowing an attacker to trick a logged-in user into manipulating ads and injecting arbitrary JavaScript by submitting a form...

CVSS 4.3, AI score 4.7, EPSS 0.00412
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/06/08 10:15 a.m., 21 views

Cross-site request forgery (CSRF)

The Database Backup for WordPress plugin before 2.5.2 does not have a CSRF check in place when updating the scheduled backup settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...

CVSS 5.8, AI score 5.4, EPSS 0.00402
Exploits: 2, References: 1, Affected Software: 1
Prion
added 2022/06/08 10:15 a.m., 16 views

Cross-site request forgery (CSRF)

The LiveSync for WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

CVSS 4.3, AI score 4.6, EPSS 0.00412
Exploits: 2, References: 1, Affected Software: 1
WPVulnDB
added 2022/06/06 12:00 a.m., 18 views

Site Offline or Coming Soon <= 1.6.6 - Stored Cross-Site Scripting via CSRF

The plugin does not have a CSRF check in place when updating its settings, and it also lacks sanitisation as well as escaping in some of them. As a result, attackers could make a logged-in admin change them and put Cross-Site Scripting payloads in them via a CSRF attack. PoC...

CVSS 6.1, AI score 3, EPSS 0.00739
Exploits: 2, Affected Software: 1
The Hacker News
added 2022/06/01 2:56 p.m., 37 views

New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email

A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over th...

AI score 0.6, EPSS 0.70276
Exploits: 1
WPVulnDB
added 2022/06/01 12:00 a.m., 19 views

Cimy Header Image Rotator <= 6.1.1 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC...

CVSS 4.3, AI score 4.8, EPSS 0.00412
Exploits: 2, Affected Software: 1
WPVulnDB
added 2022/06/01 12:00 a.m., 12 views

My Private Site < 3.0.8 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC...

CVSS 4.3, AI score 4.9, EPSS 0.00412
Exploits: 2, Affected Software: 1
WPVulnDB
added 2022/05/31 12:00 a.m., 17 views

Tiny Contact Form <= 0.7 - Arbitrary Settings Update via CSRF

The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. PoC...

CVSS 4.3, AI score 4.7, EPSS 0.00412
Exploits: 2, Affected Software: 1