Lucene search
K

118 matches found

OSV
OSV
added 2022/02/28 9:15 a.m.3 views

CVE-2021-25011

The Maps Plugin using Google Maps for WordPress plugin before 1.8.1 does not have proper authorisation and CSRF in most of its AJAX actions, which could allow any authenticated users, such as subscriber to delete arbitrary posts and update the plugin's settings...

5.7CVSS6.3AI score0.0042EPSS
Exploits2References2
OSV
OSV
added 2022/02/28 9:15 a.m.7 views

CVE-2021-25081

The Maps Plugin using Google Maps for WordPress plugin before 1.8.4 does not have CSRF checks in most of its AJAX actions, which could allow attackers to make logged in admins delete arbitrary posts and update the plugin's settings via a CSRF attack...

6.5CVSS5.9AI score0.00566EPSS
Exploits2References2
OSV
OSV
added 2022/02/28 9:15 a.m.4 views

CVE-2021-24704

In the Orange Form WordPress plugin through 1.0, the processbulkaction function in "admin/orange-form-email.php" performs an unprepared SQL query with an unsanitized parameter $id. Only admin can access the page that invokes the function, but because of lack of CSRF protection, it is actually...

8.8CVSS5.9AI score0.00609EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/01/24 12:0 a.m.6 views

WordPress 跨站请求伪造漏洞

WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site request forgery vulnerability exists in versions prior to 2.1.2 of the Ultimate FAQ plugin for...

5.7CVSS5.7AI score0.00426EPSS
Exploits2References3
CNNVD
CNNVD
added 2021/11/08 12:0 a.m.3 views

WordPress 插件访问控制错误漏洞

WordPress is a set of Wordpress Foundation's blogging platform developed using the PHP language. The platform supports setting up personal blogging sites on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. an access control error vulnerability exists in the...

6.5CVSS5.8AI score0.00798EPSS
Exploits2References2
Huntr
Huntr
added 2021/10/11 4:34 p.m.10 views

Cross-Site Request Forgery (CSRF) in flatcore/flatcore-cms

Description 1 Missing CSRF token in delete posts and delete folder in the frontend 2 Missing backend CSRF validation in 1 removing and enabling fix status and 2 deleting posts, and 3 delete folder and 4 delexclude in the indexing page see Permalinks 3 Delete cache Proof of Concept Open in...

2.4AI score
Exploits0
OSV
OSV
added 2021/06/01 2:15 p.m.5 views

CVE-2021-24318

The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector...

6.5CVSS6.7AI score0.00986EPSS
Exploits2References2
CNVD
CNVD
added 2021/05/17 12:0 a.m.8 views

WordPress Redirection for Contact Form 7 Plugin Improper Access Control Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An improper access control vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...

4.3CVSS6.7AI score0.00663EPSS
Exploits2References1
OSV
OSV
added 2020/04/07 5:15 p.m.4 views

CVE-2020-9514

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

6.5CVSS6.7AI score0.00961EPSS
Exploits1References2
Prion
Prion
added 2020/04/07 5:15 p.m.15 views

Code injection

An issue was discovered in the IMPress for IDX Broker plugin before 2.6.2 for WordPress. wrappers.php allows a logged-in user with the Subscriber role to permanently delete arbitrary posts and pages, create new posts with arbitrary subjects, and modify the subjects of existing posts and pages via...

4CVSS6.5AI score0.00961EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2020/01/28 8:15 p.m.16 views

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

8.8CVSS8.7AI score0.01584EPSS
Exploits3References3
Cvelist
Cvelist
added 2020/01/28 7:9 p.m.20 views

CVE-2015-5483

Multiple cross-site request forgery CSRF vulnerabilities in the Private Only plugin 3.5.1 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 add users, 2 delete posts, or 3 modify PHP files via unspecified vectors, or 4 conduct cross-site...

8.8AI score0.01584EPSS
Exploits3References3
Cvelist
Cvelist
added 2019/05/21 5:0 p.m.21 views

CVE-2019-12253

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&deleteposting...

6.5AI score0.00601EPSS
Exploits1References2
CVE
CVE
added 2019/05/21 5:0 p.m.48 views

CVE-2019-12253

CVE-2019-12253 affects the project’s “my little forum” prior to version 2.4.20. The vulnerability is a CSRF flaw that allows deleting posts via a crafted request (e.g., mode=posting&delete_posting). The issue is confirmed across multiple feeds (NVD/NVD-derived entries, Red Hat advisory, OSV, CVE ...

6.5CVSS6.4AI score0.00601EPSS
Exploits1References2Affected Software1
CNVD
CNVD
added 2019/02/19 12:0 a.m.3 views

idreamsoft iCMS Cross-Site Request Forgery Vulnerability (CNVD-2019-12121)

iCMS is an efficient and simple content management system built with PHP and MySQL. A cross-site request forgery vulnerability exists in idreamsoft iCMS 7.0.14 and earlier versions, which can be exploited by an attacker to delete a user's posts via public/api.php?app=user URI...

5.7CVSS6.9AI score0.00381EPSS
Exploits1References1
exploitpack
exploitpack
added 2018/08/21 12:0 a.m.15 views

Twitter-Clone 1 - Cross-Site Request Forgery (Delete Post)

Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Exploit Title: Twitter-Clone 1 - Cross-Site Request Forgery Delete Post Date: 2018-08-21 Exploit Author: L0RD Vendor Homepage: https://github.com/Fyffe/PHP-Twitter-Clone/ Version: 1 CVE: N/A Tested on: Win 10 Description : An issue was...

Exploits0
Prion
Prion
added 2015/03/30 2:59 p.m.22 views

Design/Logic Flaw

The "menu sync" function in the WPML plugin before 3.1.9 for WordPress allows remote attackers to delete arbitrary posts, pages, and menus via a crafted request to sitepress-multilingual-cms/menu/menus-sync.php...

6.4CVSS7.3AI score0.13386EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2012/09/14 7:55 p.m.4 views

DEBIAN-CVE-2010-5106

The XML-RPC remote publishing interface in xmlrpc.php in WordPress before 3.0.3 does not properly check capabilities, which allows remote authenticated users to bypass intended access restrictions, and publish, edit, or delete posts, by leveraging the Author or Contributor role...

6.5CVSS6.5AI score0.02176EPSS
Exploits1References1
Rows per page
Query Builder