179 matches found
WordPress WP Directory Kit Plugin <= 1.2.6 is vulnerable to Broken Access Control
Software WP Directory Kit Type Plugin Vulnerable versions = 1.2.6 Fixed in 1.2.7 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-41875 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID d07282743714 Credits Debangshu Kundu & Arpeet Rat...
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-2279
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...
Cross site request forgery (csrf)
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-2279 WP Directory Kit <= 1.2.1 - Cross-Site Request Forgery to Plugin Settings Change/Delete, Demo Import, Directory Kit Modification/Deletion via admin_page_display
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the 'adminpagedisplay' function. This makes it possible for unauthenticated attackers to delete or change plugin...
CVE-2023-2279
CVE-2023-2279 pertains to the WP Directory Kit WordPress plugin. Concrete details show a CSRF vulnerability in versions up to 1.2.1 due to missing/incorrect nonce validation in the admin_page_display function, enabling unauthenticated attackers to delete or modify plugin settings, import demo dat...
PT-2023-18697 · WordPress · Wp Directory Kit
Name of the Vulnerable Software and Affected Versions: WP Directory Kit plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is due to missing or incorrect nonce validation on the admin page display function, making it possible for unauthenticated attackers to delete o...
WordPress plugin WP Directory Kit 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2277
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2351
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2023-2278
The WP Directory Kit plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 1.1.9 via the 'wdkpublicaction' function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those...
Design/Logic Flaw
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2023-2351
The CVE-2023-2351 case concerns WP Directory Kit for WordPress. Vulnerable up to 1.2.3 due to missing authorization checks in wdk_admin_action, enabling authenticated users with subscriber-level privileges or higher to modify data, alter plugin settings, import demo data, delete Directory Kit con...
CVE-2023-2351 WP Directory Kit <= 1.2.3 - Missing Authorization to Plugin Settings Change/Delete, Demo Import, Directory Kit Deletion via wdk_admin_action
The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajaxadmin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions...
CVE-2023-2277
The CVE-2023-2277 issue affects the WP Directory Kit WordPress plugin (versions up to 1.1.9). It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing/incorrect nonce validation on the insert function. This allows unauthenticated attackers to alter plugin settings and inject mali...
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
CVE-2023-2277 WP Directory Kit <= 1.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting via wdk_resultitem
The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and...
WordPress Plugin WP Directory Kit 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...