Lucene search
K

257 matches found

CNNVD
CNNVD
added 2022/09/06 12:0 a.m.5 views

WordPress plugin Banner Cycler 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS7.6AI score0.00546EPSS
Exploits0References4
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2555

The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks nonce check when updating its settings, which could allow attacker to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00369EPSS
Exploits1References1
OSV
OSV
added 2022/08/22 3:15 p.m.4 views

CVE-2022-2172

The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged in admin change settings via a CSRF attack...

4.3CVSS5.8AI score
Exploits0References2
OSV
OSV
added 2022/08/02 10:15 p.m.4 views

CVE-2022-36968

In Progress WSFTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery CSRF attacks...

4.3CVSS5.8AI score0.00224EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/08/02 12:0 a.m.6 views

Progress WS_FTP Server 跨站请求伪造漏洞

Progress WSFTP Server is an effective and highly manageable FTP server from Progress. A security vulnerability exists in Progress WSFTP Server versions prior to 8.7.3, which stems from a form in its administration interface that does not contain a nonce to reduce the risk of cross-site request...

4.3CVSS4.9AI score0.00224EPSS
Exploits0References3
OSV
OSV
added 2022/07/18 5:15 p.m.4 views

CVE-2022-2224

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...

4.3CVSS5.6AI score0.00342EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2022/07/18 5:15 p.m.2 views

CVE-2022-2224

The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...

5.4CVSS5.8AI score0.00342EPSS
Exploits1References4
OSV
OSV
added 2022/07/18 5:15 p.m.5 views

CVE-2022-2039

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

8.8CVSS5.8AI score0.0053EPSS
Exploits0References5
OSV
OSV
added 2022/06/20 11:15 a.m.3 views

CVE-2022-1630

The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack...

6.5CVSS5.8AI score0.00513EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/05/30 9:15 a.m.6 views

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF...

8.8CVSS7.3AI score0.00609EPSS
Exploits1References2
OSV
OSV
added 2022/02/01 1:15 p.m.4 views

CVE-2021-24761

The Error Log Viewer WordPress plugin before 1.1.2 does not perform nonce check when deleting a log file and does not have path traversal prevention, which could allow attackers to make a logged in admin delete arbitrary text files on the web server...

6.5CVSS5.9AI score0.00599EPSS
Exploits2References1
OSV
OSV
added 2021/11/01 9:15 a.m.4 views

CVE-2021-24685

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

5.4CVSS6.1AI score0.00491EPSS
Exploits2References1
OSV
OSV
added 2021/04/05 7:15 p.m.3 views

CVE-2021-24163

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

8.8CVSS7.3AI score0.01439EPSS
Exploits2References2
OSV
OSV
added 2018/12/19 11:29 a.m.5 views

CVE-2018-20231

Cross Site Request Forgery CSRF in the two-factor-authentication plugin before 1.3.13 for WordPress allows remote attackers to disable 2FA via the tfaenabletfa parameter due to missing nonce validation...

8.8CVSS5.8AI score0.01438EPSS
Exploits1References3
OSV
OSV
added 2018/05/31 1:29 a.m.4 views

CVE-2018-11580

An issue was discovered in mass-pages-posts-creator.php in the MULTIDOTS Mass Pages/Posts Creator plugin 1.2.2 for WordPress. Any logged in user can launch Mass Pages/Posts creation with custom content. There is no nonce or user capability check, so anyone can launch a DoS attack against a site a...

5.4CVSS5.6AI score0.00616EPSS
Exploits1References2
OSV
OSV
added 2017/05/18 2:29 p.m.5 views

UBUNTU-CVE-2017-9064

In WordPress before 4.7.5, a Cross Site Request Forgery CSRF vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...

8.8CVSS7.3AI score0.01742EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2014/05/20 12:0 a.m.4 views

PT-2014-2777 · Simplegeo · Python-Oauth2

Name of the Vulnerable Software and Affected Versions: SimpleGeo python-oauth2 affected versions not specified Description: The issue is related to the Server.verify request function in SimpleGeo python-oauth2, which does not check the nonce. This omission allows remote attackers to perform repla...

8.7CVSS6AI score0.02409EPSS
Exploits0References13
Rows per page
Query Builder