3 matches found
CVE-2023-0723
creationtimestamp| type| source ---|---|--- 2023-02-08 02:23:32+00:00| seen| https://t.me/cibsecurity/57730...
CVE-2023-0723 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery on ajax_move_object
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxmoveobject function. This makes it possible for unauthenticated attackers to invoke this function via forg...
CVE-2023-0723
CVE-2023-0723 describes a Cross-Site Request Forgery in the WordPress Wicked Folders plugin up to version 2.18.16, caused by missing/incorrect nonce validation on the ajax_move_object function. This allows unauthenticated attackers to induce actions on behalf of an administrator (e.g., altering f...