Lucene search
K

18 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:49 a.m.15 views

CVE-2024-7818

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:40 a.m.9 views

CVE-2024-7817

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.5CVSS6.9AI score0.00225EPSS
Exploits1References1
NVD
NVD
added 2024/09/12 6:15 a.m.19 views

CVE-2024-7817

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.5CVSS0.00225EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.5 views

CVE-2024-7818

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.7 views

CVE-2024-7817

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.5CVSS5.9AI score0.00225EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 6:0 a.m.17 views

CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

6.9AI score0.00225EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/09/12 6:0 a.m.17 views

CVE-2024-7818 Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

5.9AI score0.00177EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.23 views

CVE-2024-7817 Misiek Photo Album <= 1.4.3 - Album Deletion via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack...

0.00225EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/09/12 6:0 a.m.31 views

CVE-2024-7818 Misiek Photo Album <= 1.4.3 - Stored XSS via CSRF

The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

0.00177EPSS
Exploits1References1
CVE
CVE
added 2024/09/12 6:0 a.m.55 views

CVE-2024-7817

CVE-2024-7817 affects the Misiek Photo Album WordPress plugin, version ≤ 1.4.3, which lacks CSRF checks in some areas and could let an attacker cause a logged-in user to delete arbitrary albums via CSRF. The vulnerability has a CVSS v3.1 base score of 6.5 (Medium) with no confidentiality impact, ...

6.5CVSS6.7AI score0.00225EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.5 views

WordPress plugin Misiek Photo Album 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A security vulnerability...

6.5CVSS6.6AI score0.00225EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/09/12 12:0 a.m.3 views

WordPress plugin Misiek Photo Album 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin.... A security vulnerability...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.7 views

PT-2024-38604 · WordPress · Misiek Photo Album

Name of the Vulnerable Software and Affected Versions: Misiek Photo Album WordPress plugin versions 1.4.3 and earlier Description: The issue is related to the lack of CSRF checks in some places, which could allow attackers to make logged-in users delete arbitrary albums via a CSRF attack. This...

6.5CVSS6.5AI score0.00225EPSS
Exploits1References7
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.12 views

PT-2024-38605 · WordPress · Misiek Photo Album

Name of the Vulnerable Software and Affected Versions: Misiek Photo Album WordPress plugin versions 1.4.3 and earlier Description: The issue is related to the lack of CSRF checks in some places, as well as missing sanitization and escaping, which could allow attackers to make logged-in admins add...

6.1CVSS5.6AI score0.00177EPSS
Exploits1References7
Patchstack
Patchstack
added 2024/08/27 1:37 a.m.2 views

WordPress Misiek Photo Album plugin <= 1.4.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability

Cross-Site Request Forgery to Stored Cross-Site Scripting vulnerability discovered by Daniel Ruf in WordPress Plugin Misiek Photo Album versions = 1.4.3...

6.1CVSS5.9AI score0.00177EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/27 1:37 a.m.5 views

WordPress Misiek Photo Album plugin <= 1.4.3 - Album Deletion via CSRF vulnerability

Album Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Misiek Photo Album versions = 1.4.3...

6.5CVSS7AI score0.00225EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.10 views

WordPress Misiek Photo Album Plugin <= 1.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Misiek Photo Album Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7817 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e7a1753e88ea Credits Bob Matyas Required...

6.5CVSS6.7AI score0.00225EPSS
Exploits1References3Affected Software1
Patchstack
Patchstack
added 2024/08/27 12:0 a.m.12 views

WordPress Misiek Photo Album Plugin <= 1.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Misiek Photo Album Type Plugin Vulnerable versions = 1.4.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7818 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID e6740ef34635 Credits Daniel Ruf Required...

6.1CVSS6.7AI score0.00177EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder