Lucene search
K

118 matches found

CVE
CVE
added 2024/05/23 6:46 a.m.114 views

CVE-2024-2038

CVE-2024-2038 affects the Visual Website Collaboration, Feedback & Project Management – Atarim WordPress plugin. The vulnerability arises from hardcoded credentials used to authenticate all incoming API requests, enabling unauthorized access. Exploitation allows unauthenticated attackers to modif...

7.5CVSS7.6AI score0.00494EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/05/23 6:46 a.m.13 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

7.5CVSS7.5AI score0.00494EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/23 6:46 a.m.22 views

CVE-2024-2038 Visual Website Collaboration, Feedback & Project Management – Atarim <= 3.22.6 - Hardcoded Credentials

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

7.5CVSS7.6AI score0.00494EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/05/23 12:0 a.m.8 views

PT-2024-18654 · WordPress · Atarim

Name of the Vulnerable Software and Affected Versions: The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress versions up to, and including, 3.22.6 Description: The issue is due to the use of hardcoded credentials to authenticate all incoming API requests...

7.5CVSS6.9AI score0.00494EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2024/04/09 12:0 a.m.4 views

PT-2024-18361 · WordPress · Autowriter

Name of the Vulnerable Software and Affected Versions: AutoWriter plugin for WordPress versions up to, and including, 3.3 Description: The issue allows authenticated attackers with subscriber access or higher to access, modify, or delete posts due to a missing capability check on functions hooked...

6.3CVSS9.3AI score0.0052EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/04/02 9:32 a.m.13 views

CVE-2024-1732 Sharkdropship for AliExpress Dropshipping and Affiliate <= 2.2.4 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

The Sharkdropship for AliExpress Dropshipping and Affiliate plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the wadsremoveProductFromShop function in all versions up to, and including, 2.2.4. This makes it possible for unauthenticated attackers...

5.3CVSS7.4AI score0.00397EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/02/23 12:0 a.m.6 views

PT-2024-17973 · WordPress · Colibri Page Builder

Name of the Vulnerable Software and Affected Versions: Colibri Page Builder plugin for WordPress versions up to, and including, 1.0.253 Description: The issue is due to missing or incorrect nonce validation on the apiCall function, making it possible for unauthenticated attackers to call a limite...

4.3CVSS9.3AI score0.00212EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2024/02/14 12:0 a.m.7 views

PT-2024-3143 · WordPress · Tutor Lms

Name of the Vulnerable Software and Affected Versions: Tutor LMS plugin for WordPress versions up to, and including, 2.6.1 Description: The issue is related to a missing capability check on the tutor delete announcement function, which can allow authenticated attackers with subscriber-level acces...

5.5CVSS9.2AI score0.00428EPSS
Exploits0References8
OSV
OSV
added 2024/02/12 4:15 p.m.5 views

CVE-2024-0248

The EazyDocs WordPress plugin before 2.4.0 re-introduced CVE-2023-6029 https://wpscan.com/vulnerability/7a0aaf85-8130-4fd7-8f09-f8edc929597e/ in 2.3.8, allowing any authenticated users, such as subscriber to delete arbitrary posts, as well as add and delete documents/sections. The issue was...

4.3CVSS5.9AI score
Exploits0References1
CNNVD
CNNVD
added 2024/02/12 12:0 a.m.4 views

WordPress Plugin EazyDocs Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. The WordPress Plugin EazyDocs versi...

4.3CVSS6.8AI score0.00424EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/02/12 12:0 a.m.6 views

PT-2024-15410 · WordPress · Eazydocs

Name of the Vulnerable Software and Affected Versions: EazyDocs WordPress plugin versions prior to 2.4.0 Description: The issue allows any authenticated users to delete arbitrary posts, as well as add and delete documents/sections. The problem was partially fixed in version 2.3.9. Recommendations...

4.3CVSS6.6AI score0.00424EPSS
Exploits2References6
OSV
OSV
added 2024/01/15 4:15 p.m.5 views

CVE-2023-6029

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...

7.5CVSS5.9AI score0.00248EPSS
Exploits3References1
NVD
NVD
added 2024/01/15 4:15 p.m.22 views

CVE-2023-6029

The EazyDocs WordPress plugin before 2.3.6 does not have authorization and CSRF checks when handling documents and does not ensure that they are documents from the plugin, allowing unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections...

7.5CVSS7.6AI score0.00248EPSS
Exploits3References1
Positive Technologies
Positive Technologies
added 2024/01/15 12:0 a.m.6 views

PT-2024-14858 · WordPress · Eazydocs

Name of the Vulnerable Software and Affected Versions: EazyDocs WordPress plugin versions prior to 2.3.6 Description: The issue allows unauthenticated users to delete arbitrary posts, as well as add and delete documents/sections, due to the lack of authorization and CSRF checks when handling...

7.5CVSS7AI score0.00248EPSS
Exploits3References8
OSV
OSV
added 2023/11/22 4:15 p.m.5 views

CVE-2023-5386

The Funnelforms Free plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the fnsfdeleteposts function in versions up to, and including, 3.4. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.7AI score0.00408EPSS
Exploits2References2
OSV
OSV
added 2023/11/22 4:15 p.m.6 views

CVE-2023-5382

The Funnelforms Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4. This is due to missing or incorrect nonce validation on the fnsfdeleteposts function. This makes it possible for unauthenticated attackers to delete arbitrary posts via a...

4.3CVSS5.7AI score0.00306EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2023/11/20 12:0 a.m.5 views

PT-2023-32237 · WordPress · Wp Hotel Booking

Name of the Vulnerable Software and Affected Versions: WP Hotel Booking WordPress plugin versions prior to 2.0.8 Description: The issue concerns a lack of authorization and CSRF checks in the WP Hotel Booking WordPress plugin, which also fails to verify that the item to be deleted is indeed a...

5.4CVSS7.1AI score0.00271EPSS
Exploits2References4
Cvelist
Cvelist
added 2023/11/06 8:40 p.m.32 views

CVE-2023-5454 Templately < 2.2.6 - Arbitrary post trashing via Missing Authorization

The Templately WordPress plugin before 2.2.6 does not properly authorize the saved-templates/delete REST API call, allowing unauthenticated users to delete arbitrary posts...

7.7AI score0.00608EPSS
Exploits2References1
CNNVD
CNNVD
added 2023/06/09 12:0 a.m.14 views

WordPress Plugin Directorist 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.5CVSS7.6AI score0.00609EPSS
Exploits2References3
OSV
OSV
added 2023/06/07 2:15 a.m.4 views

CVE-2021-4357

The uListing plugin for WordPress is vulnerable to authorization bypass due to missing capability checks, and a missing security nonce, on the UlistingUserRole::saveroleapi function in versions up to, and including, 1.6.6. This makes it possible for unauthenticated attackers to arbitrarily delete...

5.3CVSS5.6AI score0.01019EPSS
Exploits1References4
Rows per page
Query Builder