Lucene search
K

331 matches found

CNNVD
CNNVD
added 2023/11/21 12:0 a.m.3 views

WordPress Plugin Post Meta Data Manager Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

8.8CVSS6.7AI score0.00292EPSS
Exploits0References5
Patchstack
Patchstack
added 2023/11/21 12:0 a.m.19 views

WordPress Post Meta Data Manager Plugin <= 1.2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.1 Fixed in 1.2.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-5776 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID be22b4c7158e Credits Francesco...

8.8CVSS7AI score0.00292EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/10/28 12:15 p.m.6 views

CVE-2023-5426

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

7.5CVSS5.9AI score0.00468EPSS
Exploits0References2
Prion
Prion
added 2023/10/28 12:15 p.m.12 views

Design/Logic Flaw

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

5CVSS7.5AI score0.00468EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2023/10/28 11:6 a.m.54 views

CVE-2023-5426

CVE-2023-5426 affects the WordPress plugin Post Meta Data Manager (versions ≤ 1.2.0). A missing capability check in functions pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta allows unauthenticated attackers to delete user, term, and post meta belonging to arbitrar...

7.5CVSS7.5AI score0.00468EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/28 11:6 a.m.30 views

CVE-2023-5426 Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

7.5CVSS7.5AI score0.00468EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/10/28 12:0 a.m.5 views

WordPress plugin Post Meta Data Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.8AI score0.00536EPSS
Exploits0References3
Patchstack
Patchstack
added 2023/10/27 12:0 a.m.15 views

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5425 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 1def5cff52bd Credits Francesco Carlucci...

8.8CVSS6.5AI score0.00536EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/10/27 12:0 a.m.17 views

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5426 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a003d34ca1b2 Credits Francesco Carlucc...

7.5CVSS6.5AI score0.00468EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/07/18 12:0 a.m.7 views

WordPress SLP – Extended Data Manager Plugin <= 6.1.1 is vulnerable to Cross Site Scripting (XSS)

Software SLP – Extended Data Manager Type Plugin Vulnerable versions = 6.1.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 8d2e98c75731 Credits Rafie Muhammad...

6.8AI score0.00284EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/05/18 9:15 p.m.18 views

CVE-2023-2025

OpenBlue Enterprise Manager Data Collector versions prior to 3.2.5.75 may expose sensitive information to an unauthorized user under certain circumstances...

6.5CVSS5.8AI score0.00515EPSS
Exploits0References2
CNVD
CNVD
added 2023/04/16 12:0 a.m.6 views

Dell PowerProtect Data Manager Access Control Error Vulnerability

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An access control error vulnerability exists in Dell PowerProtect Data Manager version 19.12, 19.11, and 19.10, which...

8.8CVSS6.6AI score0.00766EPSS
Exploits0References1
OSV
OSV
added 2023/04/11 2:15 p.m.5 views

CVE-2023-28062

Dell PPDM versions 19.12, 19.11 and 19.10, contain an improper access control vulnerability. A remote authenticated malicious user with low privileges could potentially exploit this vulnerability to bypass intended access restrictions and perform unauthorized actions...

8.8CVSS7.3AI score0.00766EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/04/11 12:0 a.m.5 views

Dell PowerProtect Data Manager 安全漏洞

Dell PowerProtect Data Manager PPDM is a data protection solution from Dell USA. The product supports features such as data backup, virtual machine backup and database protection. An access control error vulnerability exists in Dell PowerProtect Data Manager version 19.12, 19.11, and 19.10, which...

8.8CVSS6.7AI score0.00766EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2023/04/07 12:0 a.m.7 views

The vulnerability of the software interface of the Hitachi Energy System Data Manager SDM600, which allows a perpetrator to compromise the confidentiality and integrity of information.

The vulnerability of the software interface of the Hitachi Energy System Data Manager SDM600 lies in deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality and integrity of information...

9.4CVSS7.7AI score0.01442EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/07 12:0 a.m.4 views

The vulnerability of Hitachi Energy System Data Manager SDM600, related to improper cleaning or release of resources, allows a intruder to trigger a service failure.

The vulnerability of Hitachi Energy System Data Manager SDM600 relates to improper cleaning or release of resources. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...

7.8CVSS7.2AI score0.00616EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/04/07 12:0 a.m.5 views

The vulnerability of the application software interface of Hitachi Energy System Data Manager SDM600 allows a malicious actor to read data from the data storage.

The vulnerability of the application software interface of Hitachi Energy System Data Manager SDM600 is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor, operating remotely, to read data from the data storage...

7.7CVSS7.2AI score0.00484EPSS
Exploits0References2Affected Software1
BDU FSTEC
BDU FSTEC
added 2023/03/30 12:0 a.m.7 views

The vulnerability of Hitachi Energy System Data Manager SDM600, related to the possibility of loading dangerous files, allows a hacker to execute arbitrary code.

The vulnerability of Hitachi Energy System Data Manager SDM600 relates to the ability to load files of a dangerous type. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...

9.9CVSS8.3AI score0.00781EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.6 views

SDM600 安全漏洞

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from the presence of a service authorization validation vulnerability that can be exploited by an attacker to access sensitive data by reading directly...

7.7CVSS7.3AI score0.00484EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/03/28 12:0 a.m.5 views

SDM600 安全漏洞

ABB SDM600 is a system data manager from ABB Switzerland. A security vulnerability exists in SDM600 versions prior to 1.2.23000.291, which stems from a problem in the endpoint that can be exploited by an attacker to cause an application to become unresponsive by running multiple parallel requests...

7.5CVSS7.3AI score0.00616EPSS
Exploits0References4
Rows per page
Query Builder