Lucene search
K

121 matches found

Prion
Prion
added 2024/02/27 11:15 a.m.11 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.25 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

4.3CVSS6.7AI score0.00204EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.17 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.14 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.16 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.8AI score0.0034EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.17 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/27 11:5 a.m.32 views

CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/02/27 11:5 a.m.124 views

CVE-2024-1649

CVE-2024-1649 affects the Categorify plugin for WordPress. The vulnerability arises from a missing capability check in categorifyAjaxDeleteCategory, affecting all versions up to and including 1.0.7.4. This allows authenticated users with subscriber-level access and above to delete categories. The...

4.3CVSS5.2AI score0.0034EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/27 11:5 a.m.12 views

CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/27 11:5 a.m.26 views

CVE-2024-1650 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/27 11:5 a.m.12 views

CVE-2024-1649 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References2
CVE
CVE
added 2024/02/27 11:5 a.m.129 views

CVE-2024-1650

CVE-2024-1650: WordPress Categorify plugin (up to 1.0.7.4) suffers missing authorization in categorifyAjaxRenameCategory, enabling authenticated users with subscriber+ rights to rename categories. PatchStack notes vulnerability in versions

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/27 11:5 a.m.129 views

CVE-2024-1910

The CVE concerns WordPress Categorify plugin (Categorify – WordPress Media Library Category & File Manager). Affected versions: all up to and including 1.0.7.4. Root cause: missing or incorrect nonce validation in the categorifyAjaxClearCategory function, enabling Cross-Site Request Forgery. Effe...

4.3CVSS5.2AI score0.00202EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/27 11:5 a.m.14 views

CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

4.3CVSS6.6AI score0.00202EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/27 11:5 a.m.37 views

CVE-2024-1910 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

4.3CVSS4.5AI score0.00202EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/27 11:5 a.m.11 views

CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.6AI score0.0034EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/02/27 11:5 a.m.35 views

CVE-2024-1652 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxClearCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.6AI score0.0034EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/27 11:5 a.m.25 views

CVE-2024-1906 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxAddCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

4.3CVSS6.6AI score0.00204EPSS
Exploits0References2
CVE
CVE
added 2024/02/27 11:5 a.m.149 views

CVE-2024-1906

CVE-2024-1906 – Categorify (WordPress) CSRF in categorifyAjaxAddCategory Affects: Categorify – WordPress Media Library Category & File Manager plugin for WordPress (all versions up to 1.0.7.4).Root cause: Missing or incorrect nonce validation in categorifyAjaxAddCategory.Impact: Unauthenticated a...

4.3CVSS5.2AI score0.00204EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2024/02/27 11:5 a.m.125 views

CVE-2024-1652

The CVE CVE-2024-1652 affects the Categorify – WordPress Media Library Category & File Manager plugin (versions &lt;= 1.0.7.4). The root cause is a missing capability/authorization check in categorifyAjaxClearCategory, allowing authenticated users with subscriber-level access and above to clear c...

4.3CVSS5.2AI score0.0034EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder