Lucene search
K

8 matches found

Circl
Circl
added 2023/06/09 12:21 p.m.6 views

CVE-2023-0992

creationtimestamp| type| source ---|---|--- 2023-06-09 12:21:43+00:00| seen| Telegram/ozoKH7dnZ0pbKoSF29vh5FHOSPdJwwMU8XLfl-aQv0uceA...

7.2CVSS6AI score0.93046EPSS
Exploits2
NVD
NVD
added 2023/06/09 6:15 a.m.27 views

CVE-2023-0993

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS5.1AI score0.0055EPSS
Exploits2References4
NVD
NVD
added 2023/06/09 6:15 a.m.29 views

CVE-2023-0992

The Shield Security plugin for WordPress is vulnerable to stored Cross-Site Scripting in versions up to, and including, 17.0.17 via the 'User-Agent' header. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an...

7.2CVSS4.7AI score0.93046EPSS
Exploits2References4
Prion
Prion
added 2023/06/09 6:15 a.m.24 views

Cross site scripting

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4CVSS5AI score0.93046EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/09 5:33 a.m.15 views

CVE-2023-0993 Shield Security <= 17.0.17 - Missing Authorization

The Shield Security plugin for WordPress is vulnerable to Missing Authorization on the 'theme-plugin-file' AJAX action in versions up to, and including, 17.0.17. This allows authenticated attackers to add arbitrary audit log entries indicating that a theme or plugin has been edited, and is also a...

4.3CVSS6.6AI score0.0055EPSS
Exploits2References4
CVE
CVE
added 2023/06/09 5:33 a.m.94 views

CVE-2023-0992

CVE-2023-0992 relates to the Shield Security plugin for WordPress. The Red Hat data corroborates a later feed showing a Missing Authorization issue on the theme-plugin-file AJAX action in versions up to and including 17.0.17, and notes that this can serve as a vector for the stored Cross-Site Scr...

7.2CVSS5AI score0.93046EPSS
Exploits2References4Affected Software1
Patchstack
Patchstack
added 2023/04/25 12:0 a.m.16 views

WordPress Shield Security Plugin <= 17.0.17 is vulnerable to Cross Site Scripting (XSS)

Software Shield Security Type Plugin Vulnerable versions = 17.0.17 Fixed in 17.0.18 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-0992 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 814ad86ffa89 Credits Ramuel Gall Requir...

7.2CVSS5.9AI score0.93046EPSS
Exploits2References3Affected Software1
Packet Storm
Packet Storm
added 2023/04/25 12:0 a.m.315 views

WordPress Shield Security 17.0.17 Cross Site Scripting / Missing Authorization

Affected Plugin: Shield Security – Smart Bot Blocking & Intrusion Prevention Plugin Slug: wp-simple-firewall Affected Versions: = 17.0.17 CVE ID: CVE-2023-0992 CVSS Score: 7.2 High CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N Researcher/s: Ramuel Gall Fully Patched Version: 17.0.18 T...

6.3AI score0.93046EPSS
Exploits2
Rows per page
Query Builder