Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.5 views

CVE-2023-4731

The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the initendpoint function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request...

4.3CVSS5.4AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:25 a.m.7 views

CVE-2023-4728

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

5.4CVSS5AI score0.00317EPSS
Exploits0References1
NVD
NVD
added 2024/03/12 10:15 a.m.14 views

CVE-2023-4729

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key fully controll...

4.3CVSS4.2AI score0.00208EPSS
Exploits0References2
NVD
NVD
added 2024/03/12 10:15 a.m.18 views

CVE-2023-4728

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

5.4CVSS4.2AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 10:15 a.m.2 views

CVE-2023-4728

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

5.4CVSS5.8AI score0.00317EPSS
Exploits0References2
OSV
OSV
added 2024/03/12 10:15 a.m.8 views

CVE-2023-4729

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key fully controll...

4.3CVSS5.7AI score0.00208EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/12 9:33 a.m.16 views

CVE-2023-4729 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Cross-Site Request Forgery via publish_lp()

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key fully controll...

4.3CVSS6.6AI score0.00208EPSS
Exploits0References2
CVE
CVE
added 2024/03/12 9:33 a.m.58 views

CVE-2023-4729

CVE-2023-4729 relates to the LadiApp WordPress plugin. A CSRF vulnerability exists due to a missing nonce check on the publish_lp() AJAX action in versions up to 4.4. This can allow an unauthenticated attacker to change the LadiPage key and freely create pages, including pages that trigger stored...

4.3CVSS5AI score0.00208EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/12 9:33 a.m.18 views

CVE-2023-4728 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

4.3CVSS6.6AI score0.00317EPSS
Exploits0References2
Rows per page
Query Builder