Lucene search
K

77 matches found

CNNVD
CNNVD
added 2025/02/14 12:0 a.m.3 views

WordPress plugin IdeaPush 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS6.6AI score0.00366EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/05 12:48 a.m.6 views

CVE-2024-37461

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Martin Gibson IdeaPush allows Stored XSS.This issue affects IdeaPush: from n/a through 8.65...

7.1CVSS6.8AI score0.00327EPSS
Exploits0
Patchstack
Patchstack
added 2024/12/27 3:56 p.m.6 views

WordPress IdeaPush plugin <= 8.71 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc truonghuuphuc in WordPress Plugin IdeaPush versions = 8.71...

9.8CVSS7AI score0.00366EPSS
Exploits0Affected Software1
NVD
NVD
added 2024/12/09 1:15 p.m.19 views

CVE-2023-48774

Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a...

5.4CVSS0.00462EPSS
Exploits0References1
OSV
OSV
added 2024/12/09 1:15 p.m.4 views

CVE-2023-48774

Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a...

5.4CVSS5.8AI score0.00462EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/09 11:30 a.m.10 views

CVE-2023-48774 WordPress IdeaPush plugin < 8.58 - Broken Access Control vulnerability

Missing Authorization vulnerability in Martin Gibson IdeaPush allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IdeaPush: from n/a through n/a...

5.4CVSS6.9AI score0.00462EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/12/09 12:0 a.m.6 views

PT-2024-13647 · Ideapush · Ideapush

Name of the Vulnerable Software and Affected Versions: IdeaPush affected versions not specified Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: At the moment, there...

5.4CVSS9.2AI score0.00462EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.5 views

WordPress plugin IdeaPush 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.4CVSS8.7AI score0.00462EPSS
Exploits0References1
OSV
OSV
added 2024/12/03 9:15 a.m.3 views

CVE-2024-11844

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ideapushtaxonomysaveroutine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS5.8AI score0.00334EPSS
Exploits0References3
NVD
NVD
added 2024/12/03 9:15 a.m.25 views

CVE-2024-11844

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ideapushtaxonomysaveroutine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00334EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/03 8:32 a.m.23 views

CVE-2024-11844 IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ideapushtaxonomysaveroutine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS0.00334EPSS
Exploits0References3
CVE
CVE
added 2024/12/03 8:32 a.m.63 views

CVE-2024-11844

The CVE-2024-11844 entry concerns the IdeaPush WordPress plugin (versions up to and including 8.71). Root cause: missing capability check in the idea_push_taxonomy_save_routine allows authenticated users with Subscriber-level access or higher to delete terms in the boards taxonomy, effectively en...

4.3CVSS4.3AI score0.00334EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/12/03 8:32 a.m.13 views

CVE-2024-11844 IdeaPush <= 8.71 - Missing Authorization to Board Term Deletion

The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ideapushtaxonomysaveroutine function in all versions up to, and including, 8.71. This makes it possible for authenticated attackers, with Subscriber-level access and above...

4.3CVSS6.7AI score0.00334EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/12/03 12:0 a.m.5 views

WordPress plugin IdeaPush 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.1AI score0.00334EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/12/03 12:0 a.m.5 views

PT-2024-17291 · WordPress · Ideapush

Name of the Vulnerable Software and Affected Versions: IdeaPush plugin for WordPress versions up to, and including, 8.71 Description: The issue concerns a lack of capability check in the idea push taxonomy save routine function, allowing authenticated attackers with Subscriber-level access and...

4.3CVSS6.6AI score0.00334EPSS
Exploits0References9
OSV
OSV
added 2024/10/20 11:15 a.m.3 views

CVE-2024-49275

Cross-Site Request Forgery CSRF vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69...

8.8CVSS5.8AI score0.00193EPSS
Exploits0References1
NVD
NVD
added 2024/10/20 11:15 a.m.37 views

CVE-2024-49275

Cross-Site Request Forgery CSRF vulnerability in Northern Beaches Websites IdeaPush ideapush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through = 8.69...

8.8CVSS0.00193EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/20 10:21 a.m.21 views

CVE-2024-49275 WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Martin Gibson IdeaPush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through 8.69...

4.3CVSS7AI score0.00193EPSS
Exploits0References1
CVE
CVE
added 2024/10/20 10:21 a.m.61 views

CVE-2024-49275

The CVE-2024-49275 entry concerns a Cross-Site Request Forgery (CSRF) in the WordPress plugin IdeaPush by Martin Gibson, affecting versions n/a through 8.69. Patchstack documents that the vulnerability is fixed in 8.71, indicating a software fix was released to address unauthorized actions perfor...

8.8CVSS5.9AI score0.00193EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/10/20 10:21 a.m.48 views

CVE-2024-49275 WordPress IdeaPush plugin <= 8.69 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Northern Beaches Websites IdeaPush ideapush allows Cross Site Request Forgery.This issue affects IdeaPush: from n/a through = 8.69...

4.3CVSS0.00193EPSS
Exploits0References1
Rows per page
Query Builder