Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

3443 matches found

UbuntuCve
UbuntuCveadded 2017/01/15 2:59 a.m.35 views

CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...

7.5CVSS7.1AI score0.01668EPSS
Exploits0References7
OSV
OSVadded 2017/01/15 2:59 a.m.0 views

UBUNTU-CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...

7.5CVSS7AI score0.01668EPSS
Exploits0References8
Prion
Prionadded 2017/01/15 2:59 a.m.18 views

Design/Logic Flaw

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...

5CVSS7.9AI score0.01668EPSS
Exploits0References8Affected Software1
CVE
CVEadded 2017/01/15 2:0 a.m.173 views

CVE-2017-5493

The CVE-2017-5493 issue affects WordPress multisite activation keys in wp-includes/ms-functions.php. The root cause is weak randomness when generating multisite activation keys, which can let an unauthenticated remote attacker bypass access restrictions during (1) site signup or (2) user signup. ...

7.5CVSS6.8AI score0.01668EPSS
Exploits0References8Affected Software1
Cvelist
Cvelistadded 2017/01/15 2:0 a.m.17 views

CVE-2017-5493

wp-includes/ms-functions.php in the Multisite WordPress API in WordPress before 4.7.1 does not properly choose random numbers for keys, which makes it easier for remote attackers to bypass intended access restrictions via a crafted 1 site signup or 2 user signup...

7AI score0.01668EPSS
Exploits0References8
CNVD
CNVDadded 2016/12/14 12:0 a.m.1 views

Wordpress Plugin Multisite Post Duplicator Cross-Site Request Forgery Vulnerability

WordPress is the WordPress Software Foundation of a set of blogging platform developed using the PHP language , the platform supports PHP and MySQL server set up a personal blog site . A cross-site request forgery vulnerability exists in the tools.php page of version 0.9.5.1 of the Wordpress plug...

6.9AI score
Exploits0References1
0day.today
0day.todayadded 2016/12/13 12:0 a.m.41 views

WordPress Multisite Post Duplicator 0.9.5.1 Plugin - Cross-Site Request Forgery Vulnerability

Exploit for php platform in category web applications alert1" input type="text" name=...

7.1AI score
Exploits0
Exploit DB
Exploit DBadded 2016/12/12 12:0 a.m.47 views

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery

alert1" input type="text" name="el1...

7.4AI score
Exploits0
exploitpack
exploitpackadded 2016/12/12 12:0 a.m.10 views

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery

WordPress Plugin Multisite Post Duplicator 0.9.5.1 - Cross-Site Request Forgery alert1" input type="text" name="el0"...

7.4AI score
Exploits0
Packet Storm
Packet Stormadded 2016/12/09 12:0 a.m.26 views

WordPress Multisite Post Duplicator 0.9.5.1 Cross Site Request Forgery

Details ================ Software: Multisite Post Duplicator Version: 0.9.5.1 Homepage: http://wordpress.org/plugins/multisite-post-duplicator/ Advisory report:...

7.4AI score
Exploits0
Patchstack
Patchstackadded 2016/12/09 12:0 a.m.8 views

WordPress Multisite Post Duplicator Plugin <= 0.9.5.1 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...

2.5AI score
Exploits0References2Affected Software1
Patchstack
Patchstackadded 2016/12/09 12:0 a.m.5 views

WordPress Multisite Post Duplicator Plugin <= 0.9.5.1 - Cross Site Request Forgery

This plugin is prone to a cross site request forgery vulnerability. Solution Update the plugin...

2.5AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDBadded 2016/12/09 12:0 a.m.19 views

Multisite Post Duplicator <= 0.9.5.1 - Cross-Site Request Forgery (CSRF)

The Multisite Post Duplicator WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...

6.8CVSS2.5AI score0.00202EPSS
Exploits1References2Affected Software1
WPVulnDB
WPVulnDBadded 2016/07/06 12:0 a.m.18 views

WP Maintenance Mode <= 2.0.6 - Authenticated Multisite Remote Code Execution

The WP Maintenance Mode WordPress plugin was affected by an Authenticated Multisite Remote Code Execution security vulnerability...

6.5CVSS2.9AI score0.01631EPSS
Exploits0References1Affected Software1
securityvulns
securityvulnsadded 2015/10/26 12:0 a.m.69 views

CVE-2015-6535: Stored XSS in YouTube Embed &#40;WordPress plugin&#41; allows admins to compromise super admins

Details ================ Software: YouTube Embed Version: 3.3.2 Homepage: https://wordpress.org/plugins/youtube-embed/ CVE ID: CVE-2015-6535 Pending CWE ID: CWE-79 CVSS: 5.5 Medium; AV:N/AC:L/Au:S/C:P/I:P/A:N Description ================ A stored XSS vulnerability in YouTube Embed 3.3.2 and...

3.5CVSS0.8AI score0.00501EPSS
Exploits2
WPVulnDB
WPVulnDBadded 2015/10/19 12:0 a.m.10 views

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. PoC 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3...

0.5AI score
Exploits0References2Affected Software1
wpexploit
wpexploitadded 2015/10/19 12:0 a.m.12 views

Recent Posts Widget Extended <= 0.9.9.3 - Authenticated XSS (multisite)

XSS in the Recent Posts Widget Extended plugin allows single site admins to change network admin's password with simple CSRF described above POC field. This vulnerability is currently unpatched. 1. Login as single site administrator 2. Add Recent Posts Extended Widget to some widget area 3. Add...

0.3AI score
Exploits0References2
NVD
NVDadded 2015/08/31 6:59 p.m.14 views

CVE-2014-2330

Multiple cross-site request forgery CSRF vulnerabilities in the Multisite GUI in CheckMK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that 1 upload arbitrary snapshots, 2 delete arbitrary files, or possibly have other unspecified impact via unknown...

6.8CVSS7.6AI score0.00127EPSS
Exploits1References3
UbuntuCve
UbuntuCveadded 2015/08/31 6:59 p.m.26 views

CVE-2014-2330

Multiple cross-site request forgery CSRF vulnerabilities in the Multisite GUI in CheckMK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that 1 upload arbitrary snapshots, 2 delete arbitrary files, or possibly have other unspecified impact via unknown...

6.8CVSS6.2AI score0.00127EPSS
Exploits1References3
Prion
Prionadded 2015/08/31 6:59 p.m.17 views

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the Multisite GUI in CheckMK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that 1 upload arbitrary snapshots, 2 delete arbitrary files, or possibly have other unspecified impact via unknown...

6.8CVSS7.9AI score0.00127EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder