
118 matches found

ATTACKERKB
added 2023/04/05 6:15 p.m., 5 views

CVE-2022-4936

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...

CVSS 8.8, AI score 7.3, EPSS 0.00248
Exploits 0, References 3
OSV
added 2023/04/05 6:15 p.m., 5 views

CVE-2022-4936

The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...

CVSS 8.8, AI score 7.4, EPSS 0.00248
Exploits 0, References 2
SUSE CVE
added 2023/02/15 6:5 a.m., 5 views

SUSE CVE-2009-0499

Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php...

CVSS 6.4, AI score 7.2, EPSS 0.00689
Exploits 0, References 4
Veracode
added 2023/01/02 11:21 a.m., 17 views

Improper Authentication

github.com/usememos/memos is vulnerable to improper authentication. Improper authentication allows an attacker to delete posts on the user's behalf...

CVSS 6.5, AI score 6.4, EPSS 0.00762
Exploits 1, References 4, Affected Software 1
Prion
added 2022/12/26 1:15 p.m., 17 views

Heap overflow

The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...

CVSS 4, AI score 6.5, EPSS 0.00593
Exploits 2, References 1, Affected Software 1
CNNVD
added 2022/12/26 12:0 a.m., 4 views

WordPress theme Workreap security vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Workreap versions prior to 2.6.4. An...

CVSS 6.5, AI score 6.5, EPSS 0.00593
Exploits 2, References 2
CNNVD
added 2022/12/19 12:0 a.m., 8 views

WordPress plugin Registration Forms security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

CVSS 6.5, AI score 6.6, EPSS 0.00334
Exploits 2, References 2
CNNVD
added 2022/11/07 12:0 a.m., 8 views

WordPress plugin Easy Digital Downloads cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...

CVSS 4.3, AI score 5.2, EPSS 0.00286
Exploits 2, References 2
ATTACKERKB
added 2022/08/22 3:15 p.m., 2 views

CVE-2022-2275

The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...

CVSS 4.3, AI score 6, EPSS 0.00292
Exploits 2, References 2
ATTACKERKB
added 2022/08/22 3:15 p.m., 7 views

CVE-2022-2276

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...

CVSS 4.3, AI score 6, EPSS 0.00336
Exploits 2, References 3
CNNVD
added 2022/08/22 12:0 a.m., 5 views

WordPress plugin WP Edit Menu security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 4.3, AI score 5.4, EPSS 0.00336
Exploits 2, References 3
OSV
added 2022/06/16 8:15 p.m., 4 views

CVE-2022-31295

An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...

CVSS 7.5, AI score 5.8, EPSS 0.01313
Exploits 2, References 2
Cvelist
added 2022/06/16 7:13 p.m., 18 views

CVE-2022-31295

An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...

AI score 7.7, EPSS 0.01313
Exploits 2, References 2
ATTACKERKB
added 2022/06/13 1:15 p.m., 5 views

CVE-2022-1779

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...

CVSS 8.1, AI score 7.2, EPSS 0.00517
Exploits 1, References 2
Prion
added 2022/06/13 1:15 p.m., 14 views

Cross site request forgery (csrf)

The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...

CVSS 5.8, AI score 7.8, EPSS 0.00517
Exploits 1, References 1, Affected Software 1
CVE
added 2022/06/13 12:42 p.m., 66 views

CVE-2022-1779

The CVE-2022-1779 vulnerability affects the WordPress plugin Auto Delete Posts up to version 1.3.0. The issue is a missing CSRF check when updating plugin settings, enabling a logged‑in administrator to alter settings via CSRF and trigger deletion of specific posts, categories, and attachments. T...

CVSS 8.1, AI score 8, EPSS 0.00517
Exploits 1, References 1, Affected Software 1
Patchstack
added 2022/05/23 12:0 a.m., 25 views

WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions <= 1.3.0. Solution: Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...

CVSS 8.1, AI score 3.4, EPSS 0.00517
Exploits 1, References 3, Affected Software 1
CNNVD
added 2022/05/13 12:0 a.m., 4 views

EC-CUBE Easy Blog for EC-CUBE4 cross-site request forgery vulnerability

EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...

CVSS 4.3, AI score 4.9, EPSS 0.00431
Exploits 0, References 5
OSV
added 2022/03/28 6:15 p.m., 3 views

CVE-2021-24978

The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wp_ajax_nopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...

CVSS 5.3, AI score 5.9
Exploits 0, References 1
OSV
added 2022/03/24 11:15 p.m., 22 views

CVE-2022-25576

Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...

CVSS 4.5, AI score 4.8
Exploits 0, References 2