59 matches found
CVE-2023-28999
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files,...
SUSE CVE-2020-16094
In imapscantreerecursive in Claws Mail through 3.17.6, a malicious IMAP server can trigger stack consumption because of unlimited recursion into subdirectories during a rebuild of the folder tree...
CVE-2023-0724
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2023-0726
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxeditfolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...
CVE-2023-0716
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0722
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2023-0684
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0685
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxunassignfolders function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0684 Wicked Folders <= 2.18.16 - Missing Authorization via ajax_unassign_folders
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...
CVE-2023-0720
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0718
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
PT-2023-16479 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax add folder function, making it possible for unauthenticated attackers to invoke this...
Authorization
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0712 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_move_object
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0728
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavefolder function. This makes it possible for unauthenticated attackers to invoke this function via forg...
Wicked Folders < 2.18.17 - Folder Structure Update via CSRF
The plugin does not have CSRF checks when managing its folder structure such as moving, deleting, creating etc folders, which could allow attackers to make logged admins perform such actions via CSRF attacks...
PT-2023-16478 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax move object function, making it possible for unauthenticated attackers to invoke thi...
PT-2023-16482 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is due to missing or incorrect nonce validation on the ajax save folder function, making it possible for unauthenticated attackers to invoke thi...
Wicked Folders < 2.18.17 - Subscriber+ Folder Structure Update
The plugin does not have authorisation check when managing its folder structure such as moving, deleting, creating etc folders, which could allow any authenticated users, such as subscriber to perform such actions...