Lucene search
+L

108 matches found

Patchstack
Patchstack
added 2024/06/21 3:38 p.m.6 views

WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Newsletters versions = 2.13.2...

4.3CVSS7AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/21 12:0 a.m.10 views

WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software Newspack Newsletters Type Plugin Vulnerable versions = 2.13.2 Fixed in 2.13.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8f54e12bc4ce Credits Rafie Muhamm...

7AI score0.0018EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/06/20 9:30 a.m.7 views

WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability

Sensitive Data Exposure vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Blocks versions = 3.0.8...

7.5CVSS7AI score0.00551EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/06/20 12:0 a.m.12 views

WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure

Software Newspack Blocks Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37115 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f21501b4dac Credits Rafie Muhammad Patchstack...

7.5CVSS6.5AI score0.00551EPSS
Exploits0References1Affected Software1
Hacker One
Hacker One
added 2024/06/05 9:20 a.m.37 views

Automattic: Authentication & Registration Bypass in Newspack Extended Access

The Newspack Extended Access plugin omitted to verify JWT signing on the registration and login JSON endpoint. This permitted registration of accounts with arbitrary user-supplied details, and authentication bypass and account hijack if a target account email was known...

7.4AI score
Exploits0
Hacker One
Hacker One
added 2024/04/21 3:37 a.m.59 views

Automattic: Authentication & Registration Bypass in Newspack Extended Access

The Newspack Extended Access plugin failed to validate the JWT signing on the registration and login JSON endpoint. This allowed for the registration of accounts with arbitrary user-supplied details and authentication bypass if a target account email was known...

7.4AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2022/06/20 8:26 p.m.2 views

Malicious code in newspack-blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19d89b9d3f2015dea066768f0f4932002b56fe3f15314f22cd1624289d77e654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References1
OSV
OSV
added 2022/06/20 8:26 p.m.5 views

MAL-2022-4821 Malicious code in newspack-blocks (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19d89b9d3f2015dea066768f0f4932002b56fe3f15314f22cd1624289d77e654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References1
Rows per page
Query Builder