Lucene search
K

138 matches found

WPVulnDB
WPVulnDB
added 2024/03/13 12:0 a.m.30 views

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. PoC curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

9.8CVSS9.6AI score0.01712EPSS
Exploits1References1Affected Software1
wpexploit
wpexploit
added 2024/03/13 12:0 a.m.480 views

Malware Scanner < 4.7.3 and Web Application Firewall < 2.1.2 - Unauthenticated Privilege Escalation

Description The plugin does not prevent unauthenticated users from resetting any account's password, allowing them to takeover sites by resetting one of its administrators' password. curl --url 'http://vulnerable-site.tld/wp-login.php' --data...

9.8CVSS9.7AI score0.01712EPSS
Exploits1References1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.9 views

WordPress Plugin Malware Scanner Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

9.8CVSS6.5AI score0.01712EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.9 views

PT-2024-19020 · WordPress · Web Application Firewall +1

Name of the Vulnerable Software and Affected Versions: Malware Scanner plugin versions up to, and including, 4.7.2 Web Application Firewall plugin versions up to, and including, 2.1.1 Description: The issue is related to a missing capability check on the mo wpns init function, which allows...

9.8CVSS9.8AI score0.01712EPSS
Exploits1References8
Patchstack
Patchstack
added 2024/03/13 12:0 a.m.14 views

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to Privilege Escalation

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A1: Broken Access Control Classification Privilege Escalation CVE CVE-2024-2172 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID e270f8310961 Credits Stiofan Required privilege...

9.8CVSS9.3AI score0.01712EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2024/02/28 1:15 p.m.3 views

CVE-2024-25902

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

7.2CVSS7.3AI score0.00541EPSS
Exploits0References1
NVD
NVD
added 2024/02/28 1:15 p.m.22 views

CVE-2024-25902

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

7.6CVSS7.9AI score0.00541EPSS
Exploits0References1
Prion
Prion
added 2024/02/28 1:15 p.m.33 views

Sql injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

4.7CVSS8AI score0.00541EPSS
Exploits0References1
CVE
CVE
added 2024/02/28 1:1 p.m.116 views

CVE-2024-25902

CVE-2024-25902 : WordPress plugin miniorange Malware Scanner (v4.7.2 and earlier) is affected by an SQL Injection due to improper neutralization of inputs. The vulnerability is exploitable with administrator privileges (Wordfence notes “Authenticated (Administrator+) SQL Injection”) and is linked...

7.6CVSS8.2AI score0.00541EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/28 1:1 p.m.12 views

CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

7.6CVSS7.6AI score0.00541EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/02/28 1:1 p.m.28 views

CVE-2024-25902 WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in miniorange Malware Scanner.This issue affects Malware Scanner: from n/a through 4.7.2...

7.6CVSS8.1AI score0.00541EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.6 views

PT-2024-21193 · Miniorange · Miniorange Malware Scanner

Name of the Vulnerable Software and Affected Versions: miniorange Malware Scanner versions through 4.7.2 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as 'SQL Injection'. This allows for potential exploitation by injecting...

7.6CVSS8.1AI score0.00541EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/02/12 12:0 a.m.9 views

WordPress Malware Scanner Plugin <= 4.7.2 is vulnerable to SQL Injection

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.2 Fixed in 4.7.3 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-25902 Patch priority Low CVSS severity Low 7.6 Developer Claim ownership PSID 46c75a59070d Credits Le Ngoc Anh Required privilege Administrator...

7.6CVSS6.8AI score0.00541EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/01/08 9:15 p.m.2 views

CVE-2023-51490

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...

7.5CVSS5.8AI score0.0048EPSS
Exploits0References1
NVD
NVD
added 2024/01/08 9:15 p.m.23 views

CVE-2023-51490

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...

7.5CVSS6AI score0.0048EPSS
Exploits0References1
Prion
Prion
added 2024/01/08 9:15 p.m.20 views

Code injection

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in WPMU DEV Defender Security – Malware Scanner, Login Security & Firewall.This issue affects Defender Security – Malware Scanner, Login Security & Firewall: from n/a through 4.1.0...

5CVSS7AI score0.0048EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/01/08 12:0 a.m.5 views

PT-2024-14149 · Unknown · Defender Security – Malware Scanner

Name of the Vulnerable Software and Affected Versions: Defender Security – Malware Scanner, Login Security & Firewall versions through 4.1.0 Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made availabl...

7.5CVSS7.6AI score0.0048EPSS
Exploits0References6
WPVulnDB
WPVulnDB
added 2024/01/05 12:0 a.m.12 views

Defender Security < 4.2.0 - Sensitive Information Exposure via Log File

Description The Defender Security – Malware Scanner, Login Security & Firewall plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.1.0 via the plugin's log file. This makes it possible for unauthenticated attackers to extract sensitive data...

7.5CVSS6.9AI score0.0048EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.16 views

Malware Scanner < 4.7.2 - IP Spoofing

Description The Malware Scanner plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 4.7.1 due to insufficient IP address validation and use of user-supplied HTTP headers as a primary method for IP retrieval. This makes it possible for unauthenticated...

6.7AI score0.00403EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2023/12/29 12:0 a.m.10 views

WordPress Malware Scanner Plugin <= 4.7.1 is vulnerable to Bypass Vulnerability

Software Malware Scanner Type Plugin Vulnerable versions = 4.7.1 Fixed in 4.7.2 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-52176 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID f6265f1e1b85 Credits Brandon Roldan Required...

5.3CVSS6.5AI score0.00403EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder