Lucene search
+L

153 matches found

CVE
CVE
added 2024/06/14 6:0 a.m.63 views

CVE-2024-4480

CVE-2024-4480 concerns the WP Prayer II WordPress plugin (

6.1CVSS6.4AI score0.00197EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/06/14 6:0 a.m.39 views

CVE-2024-4480 WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

0.00197EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/06/14 12:0 a.m.16 views

WordPress plugin WP Prayer II security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

6.1CVSS6.7AI score0.00197EPSS
Exploits2References2
OSV
OSV
added 2024/06/13 3:15 p.m.7 views

CVE-2024-28968

Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...

5.4CVSS5.9AI score0.00349EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/13 12:0 a.m.5 views

Dell Secure Connect Gateway Access Control Error Vulnerability

Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internal email and collection settings REST API, which could be...

5.4CVSS6.9AI score0.00349EPSS
Exploits0References2
NVD
NVD
added 2024/05/24 3:15 p.m.11 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

4.9CVSS6.7AI score0.0024EPSS
Exploits0References1
CVE
CVE
added 2024/05/24 3:3 p.m.93 views

CVE-2024-33470

The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...

4.9CVSS7AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/05/24 3:3 p.m.9 views

CVE-2024-33470

An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...

7AI score0.0024EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/05/24 12:12 p.m.6 views

WordPress WP Prayer II plugin <= 2.4.7 - CSRF Leading to Email Settings Change vulnerability

CSRF Leading to Email Settings Change vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer II versions = 2.4.7...

6.1CVSS7AI score0.00197EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/24 12:0 a.m.7 views

PT-2024-25275 · Avtech · Avtech Room Alert 4E

Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the SMTP Email Settings allows attackers to gain access to credentials in plaintext via a passback attack. This issue only affects products that are no longer supported by the...

4.9CVSS7.2AI score0.0024EPSS
Exploits0References2
wpexploit
wpexploit
added 2024/05/24 12:0 a.m.137 views

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...

6.6AI score0.00197EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/05/24 12:0 a.m.15 views

WP Prayer II <= 2.4.7 - Email Settings Update via CSRF

Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing:...

6.2AI score0.00197EPSS
Exploits2
OSV
OSV
added 2024/05/15 6:15 a.m.4 views

CVE-2024-3406

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.8AI score0.00347EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/05/15 6:0 a.m.7 views

CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

7AI score0.00347EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/05/15 6:0 a.m.34 views

CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.6AI score0.00347EPSS
Exploits2References1
CVE
CVE
added 2024/05/15 6:0 a.m.78 views

CVE-2024-3406

CVE-2024-3406 affects WP Prayer WordPress plugin up to version 2.0.9 and older, lacking CSRF protection when updating email settings. This enables a logged-in admin to change settings via CSRF. CVSSv3.1 base score 8.8 (HIGH). Remediation noted across sources as updating to a version that adds a C...

8.8CVSS6.6AI score0.00347EPSS
Exploits2References1Affected Software1
CNNVD
CNNVD
added 2024/05/15 12:0 a.m.6 views

WordPress plugin WP Prayer 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.6AI score0.00347EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/05/15 12:0 a.m.6 views

PT-2024-25672

Name of the Vulnerable Software and Affected Versions WP Prayer WordPress plugin versions 2.0.9 and earlier Description The issue concerns a lack of CSRF check when updating email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could potentially...

8.8CVSS6.4AI score0.00347EPSS
Exploits2References6
OSV
OSV
added 2024/05/03 3:15 a.m.2 views

CVE-2023-44425

D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

8CVSS6.2AI score0.01114EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2024/05/03 3:15 a.m.4 views

CVE-2023-44422

D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...

8CVSS6.3AI score0.01114EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder