Lucene search
K

370 matches found

ATTACKERKB
ATTACKERKB
added 2022/11/15 2:15 p.m.4 views

CVE-2022-3240

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

8.8CVSS7.2AI score0.00552EPSS
Exploits1References3
OSV
OSV
added 2022/10/28 5:15 p.m.5 views

CVE-2022-2864

The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...

8.8CVSS5.6AI score0.00469EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/10/28 12:0 a.m.5 views

PT-2022-19129 · WordPress · Demon Image Annotation Plugin

Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the /includes/settings.php file. This allows unauthenticated...

8.8CVSS8.5AI score0.00469EPSS
Exploits0References5
CNNVD
CNNVD
added 2022/10/28 12:0 a.m.3 views

WordPress plugin demon image annotation 跨站请求伪造漏洞

WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...

8.8CVSS6.7AI score0.00469EPSS
Exploits0References4
OSV
OSV
added 2022/09/06 6:15 p.m.4 views

CVE-2022-2542

The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This make...

8.8CVSS5.6AI score0.00552EPSS
Exploits0References4
OSV
OSV
added 2022/09/06 6:15 p.m.3 views

CVE-2022-2541

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...

8.8CVSS5.6AI score0.0056EPSS
Exploits0References4
CNNVD
CNNVD
added 2022/09/06 12:0 a.m.5 views

WordPress plugin Link Optimizer Lite 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

8.8CVSS7.7AI score0.00543EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2022/09/06 12:0 a.m.5 views

PT-2022-17281 · WordPress · Ucontext For Clickbank

Name of the Vulnerable Software and Affected Versions: uContext for Clickbank plugin for WordPress versions up to, and including 3.9.1 Description: The issue is due to missing nonce validation in the /app/sites/ajax/actions/keyword save.php file, which is called via the doAjax function. This allo...

8.8CVSS8AI score0.00552EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/07/02 12:0 a.m.8 views

PT-2022-6290 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax save state function. This allows unauthenticat...

6.4CVSS5.3AI score0.00308EPSS
Exploits0References9
OSV
OSV
added 2022/06/13 2:15 p.m.5 views

CVE-2022-1969

The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...

8.8CVSS7.2AI score0.00831EPSS
Exploits0References3
Rows per page
Query Builder