Lucene search
K

5 matches found

Patchstack
Patchstack
added 2024/04/01 4:6 a.m.5 views

WordPress News Wall plugin <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin News Wall versions = 1.1.0...

4.3CVSS8.4AI score0.00204EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/01 12:0 a.m.13 views

WordPress News Wall Plugin <= 1.1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software News Wall Type Plugin Vulnerable versions = 1.1.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2970 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 532cc4a5abb6 Credits Benedictus Jovan Required...

4.3CVSS6.6AI score0.00204EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/29 6:43 a.m.16 views

CVE-2024-2970 News Wall <= 1.1.0 - Cross-Site Request Forgery to Plugin Settings Update

The News Wall plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing or incorrect nonce validation on the nwapnewslistpage function. This makes it possible for unauthenticated attackers to update the plugin's settings a...

4.3CVSS7.2AI score0.00204EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.6 views

WordPress Plugin News Wall 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blog sites on servers running PHP and MySQL.WordPress plugin i...

4.3CVSS7.9AI score0.00204EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.5 views

PT-2024-22964 · WordPress · The News Wall

Name of the Vulnerable Software and Affected Versions: The News Wall plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is due to missing or incorrect nonce validation on the nwap newslist page function, making it possible for unauthenticated attackers to update the...

4.3CVSS9.3AI score0.00204EPSS
Exploits0References5
Rows per page
Query Builder