Lucene search
+L

179 matches found

Patchstack
Patchstack
added 2023/09/05 12:0 a.m.10 views

WordPress WP Directory Kit Plugin <= 1.2.6 is vulnerable to Broken Access Control

Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41875 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d07282743714 Credits Debangshu Kundu & Arpeet Rat...

6.9AI score0.00636EPSS
Exploits0References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/08/31 6:15 a.m.1 views

CVE-2023-2279

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...

5.4CVSS5.8AI score0.00294EPSS
Exploits0References4
OSV
OSV
added 2023/08/31 6:15 a.m.4 views

CVE-2023-2279

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...

5.4CVSS7.2AI score0.00294EPSS
Exploits0References3
Prion
Prion
added 2023/08/31 6:15 a.m.12 views

Cross site request forgery (csrf)

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...

5.8CVSS5.1AI score0.00294EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/31 5:33 a.m.10 views

CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...

5.4CVSS6.6AI score0.00294EPSS
Exploits0References3
CVE
CVE
added 2023/08/31 5:33 a.m.39 views

CVE-2023-2279

CVE-2023-2279 pertains to the WP Directory Kit WordPress plugin. Concrete details show a CSRF vulnerability in versions up to 1.2.1 due to missing/incorrect nonce validation in the admin_page_display function, enabling unauthenticated attackers to delete or modify plugin settings, import demo dat...

5.4CVSS5.1AI score0.00294EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2023/08/31 12:0 a.m.6 views

PT-2023-18697 · WordPress · Wp Directory Kit

Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...

5.4CVSS6.2AI score0.00294EPSS
Exploits0References6
CNNVD
CNNVD
added 2023/08/31 12:0 a.m.7 views

WordPress plugin WP Directory Kit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...

5.4CVSS6.7AI score0.00294EPSS
Exploits0References4
NVD
NVD
added 2023/06/13 2:15 a.m.22 views

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

6.1CVSS5.9AI score0.00337EPSS
Exploits1References3
OSV
OSV
added 2023/06/13 2:15 a.m.3 views

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

4.7CVSS5.6AI score
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/06/13 2:15 a.m.3 views

CVE-2023-2277

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

6.1CVSS5.8AI score0.00337EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/06/13 2:15 a.m.1 views

CVE-2023-2351

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

6.5CVSS6.8AI score0.0064EPSS
Exploits1References7
OSV
OSV
added 2023/06/13 2:15 a.m.6 views

CVE-2023-2278

The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdkpublicaction' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...

9.8CVSS7.8AI score0.01686EPSS
Exploits1References3
Prion
Prion
added 2023/06/13 2:15 a.m.16 views

Design/Logic Flaw

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

4CVSS4.4AI score0.0064EPSS
Exploits1References6Affected Software1
CVE
CVE
added 2023/06/13 1:48 a.m.41 views

CVE-2023-2351

The CVE-2023-2351 case concerns WP Directory Kit for WordPress. Vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...

6.5CVSS5.2AI score0.0064EPSS
Exploits1References6Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/13 1:48 a.m.18 views

CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action

The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...

6.5CVSS6.7AI score0.0064EPSS
Exploits1References6
CVE
CVE
added 2023/06/13 1:48 a.m.52 views

CVE-2023-2277

The CVE-2023-2277 issue affects the WP Directory Kit WordPress plugin (versions up to 1.1.9). It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing/incorrect nonce validation on the insert function. This allows unauthenticated attackers to alter plugin settings and inject mali...

6.1CVSS4.4AI score0.00337EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/06/13 1:48 a.m.8 views

CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

6.1CVSS5.8AI score0.00337EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/06/13 1:48 a.m.32 views

CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem

The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...

6.1CVSS6.1AI score0.00337EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/13 12:0 a.m.4 views

WordPress Plugin WP Directory Kit 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

6.1CVSS5AI score0.00337EPSS
Exploits1References4
Rows per page
Query Builder