Lucene search
K

4 matches found

CNNVD
CNNVD
added 2023/05/26 12:0 a.m.6 views

WordPress plugin Customize WordPress Emails and Alerts – Better Notifications for WP 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS8.1AI score0.00256EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2022/02/28 9:15 a.m.7 views

CVE-2022-0345

The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF check in its bnfwsearchusers AJAX action, allowing any authenticated users to call it and query for user e-mail prefixes finding the first letter, then the second one, then the third one...

4.3CVSS5.5AI score0.00423EPSS
Exploits2References2
CNNVD
CNNVD
added 2022/02/28 12:0 a.m.4 views

WordPress 信息泄露漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. A cross-site request forgery vulnerability exists in versions of the WordPress Emails and Alerts plugin prior to 1.8.7. The vulnerability stems from the failure of the custom WordPress Emails and Alerts...

4.3CVSS5.5AI score0.00423EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/02/28 12:0 a.m.6 views

PT-2022-13119 · WordPress · Customize Wordpress Emails/Alerts

Name of the Vulnerable Software and Affected Versions: The Customize WordPress Emails and Alerts WordPress plugin versions prior to 1.8.7 Description: The issue concerns a lack of authorization and CSRF check in the bnfw search users AJAX action. This allows any authenticated users to call the...

4.3CVSS4.4AI score0.00423EPSS
Exploits2References4
Rows per page
Query Builder