943 matches found

CNNVD
added 2024/02/05 12:00 a.m. | 5 views

WordPress plugin Display custom fields in the frontend Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 | AI score 6.8 | EPSS 0.00472
Exploits 0 | References 3

WPVulnDB
added 2024/02/02 12:00 a.m. | 19 views

WPDashboardNotes < 1.0.11 - Unauthorised Deletion of Private Notes

Description: The plugin is vulnerable to Insecure Direct Object References (IDOR) in the postid= parameter. Authenticated users are able to delete private notes associated with different user accounts. This poses a significant security risk as it violates the principle of least privilege and compromises...

AI score 6.4 | EPSS 0.00402
Exploits 2 | Affected Software 1

Cvelist
added 2024/01/31 11:49 a.m. | 30 views

CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...

CVSS 7.5 | AI score 8.4 | EPSS 0.00453
Exploits 0 | References 1

Vulnrichment
added 2024/01/31 11:49 a.m. | 7 views

CVE-2024-22305 WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Kali Forms Contact Form builder with drag & drop for WordPress – Kali Forms. This issue affects Contact Form builder with drag & drop for WordPress – Kali Forms: from n/a through 2.3.36...

CVSS 7.5 | AI score 7.8 | EPSS 0.00453
Exploits 0 | References 1

Patchstack
added 2024/01/31 12:00 a.m. | 12 views

WordPress Starbox Plugin <= 3.4.7 is vulnerable to Insecure Direct Object References (IDOR)

Software: Starbox; Type: Plugin; Vulnerable versions: <= 3.4.7; Fixed in: 3.4.8; OWASP Top 10: A4: Insecure Design; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-0366; Patch priority: Low; CVSS severity: Low (4.3); PSID: 91eab1a196aa; Credits: Sh; Required privilege...

CVSS 4.3 | AI score 6.5 | EPSS 0.00576
Exploits 0 | References 3 | Affected Software 1

Patchstack
added 2024/01/17 12:00 a.m. | 10 views

WordPress Contact Form builder with drag & drop - Kali Forms Plugin <= 2.3.36 is vulnerable to Insecure Direct Object References (IDOR)

Software: Contact Form builder with drag & drop - Kali Forms; Type: Plugin; Vulnerable versions: <= 2.3.36; Fixed in: 2.3.37; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2024-22305; Patch priority: Low; CVSS severity: Low (7.5)...

CVSS 8.1 | AI score 6.5 | EPSS 0.00453
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2024/01/08 12:00 a.m. | 14 views

WordPress Profile Builder Plugin <= 3.10.7 is vulnerable to Insecure Direct Object References (IDOR)

Software: Profile Builder; Type: Plugin; Vulnerable versions: <= 3.10.7; Fixed in: 3.10.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6504; Patch priority: Low; CVSS severity: Low (4.3); PSID: 4a72357868f4; Credits: Francesco...

CVSS 4.3 | AI score 6.5 | EPSS 0.00349
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2024/01/05 7:56 a.m. | 23 views

CVE-2023-51502 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1...

CVSS 7.5 | AI score 9.7 | EPSS 0.00599
Exploits 0 | References 1

Vulnrichment
added 2024/01/05 7:56 a.m. | 12 views

CVE-2023-51502 WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1...

CVSS 7.5 | AI score 6.9 | EPSS 0.00599
Exploits 0 | References 1

Patchstack
added 2024/01/03 12:00 a.m. | 18 views

WordPress LearnPress Plugin <= 4.2.5.7 is vulnerable to Insecure Direct Object References (IDOR)

Software: LearnPress; Type: Plugin; Vulnerable versions: <= 4.2.5.7; Fixed in: 4.2.5.8; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-6223; Patch priority: Low; CVSS severity: Low (4.3); PSID: d81a8f21bcf7; Credits: lttn; Required...

CVSS 4.3 | AI score 6.5 | EPSS 0.00347
Exploits 0 | References 3 | Affected Software 1

Cvelist
added 2023/12/31 5:59 p.m. | 25 views

CVE-2023-51503 WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2...

CVSS 5.9 | AI score 7.7 | EPSS 0.00464
Exploits 0 | References 1

OSV
added 2023/12/28 9:30 p.m. | 9 views

GHSA-488M-W9FP-5MM2 Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

CVSS 7.1 | AI score 6.3 | EPSS 0.0089
Exploits 0 | References 12

GitHub Security Blog
added 2023/12/28 9:30 p.m. | 19 views

Infinispan circular object references causes out of memory errors

A flaw was found in Infinispan, which does not detect circular object references when unmarshalling. An authenticated attacker with sufficient permissions could insert a maliciously constructed object into the cache and use it to cause out of memory errors and achieve a denial of service...

CVSS 6.5 | AI score 6.3 | EPSS 0.0089
Exploits 0 | References 12 | Affected Software 1

Patchstack
added 2023/12/27 12:00 a.m. | 10 views

WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.6.1 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Stripe Payment Gateway; Type: Plugin; Vulnerable versions: <= 7.6.1; Fixed in: 7.6.2; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-51502; Patch priority: Low; CVSS severity: Low (7.5); PSID: fccb1cf37427...

CVSS 9.8 | AI score 6.5 | EPSS 0.00599
Exploits 0 | References 2 | Affected Software 1

Patchstack
added 2023/12/27 12:00 a.m. | 10 views

WordPress WooCommerce Payments Plugin <= 6.6.2 is vulnerable to Insecure Direct Object References (IDOR)

Software: WooCommerce Payments; Type: Plugin; Vulnerable versions: <= 6.6.2; Fixed in: 6.7.0; OWASP Top 10: A1: Broken Access Control; Classification: Insecure Direct Object References (IDOR); CVE: CVE-2023-51503; Patch priority: Low; CVSS severity: Low (5.9); PSID: 37fceefefd1e; Credits: Rafie...

CVSS 7.5 | AI score 6.5 | EPSS 0.00464
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2023/12/21 6:26 p.m. | 28 views

CVE-2023-47191 WordPress Youzify Plugin <= 1.2.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in KaineLabs Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress. This issue affects Youzify – BuddyPress Community, User Profile, Social Network & Membership Plugin for WordPress: from n/a...

CVSS 6.5 | AI score 6.7 | EPSS 0.00428
Exploits 0 | References 1

Vulnrichment
added 2023/12/21 6:18 p.m. | 7 views

CVE-2023-32747 WordPress WooCommerce Bookings Plugin <= 1.15.78 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Bookings. This issue affects WooCommerce Bookings: from n/a through 1.15.78...

CVSS 5.4 | AI score 6.9 | EPSS 0.00449
Exploits 0 | References 1

Cvelist
added 2023/12/20 3:18 p.m. | 23 views

CVE-2023-35914 WordPress WooCommerce Subscriptions Plugin <= 5.1.2 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce Woo Subscriptions. This issue affects Woo Subscriptions: from n/a through 5.1.2...

CVSS 7.5 | AI score 7.8 | EPSS 0.00574
Exploits 0 | References 1

Cvelist
added 2023/12/20 3:12 p.m. | 30 views

CVE-2023-35916 WordPress WooCommerce Payments Plugin <= 5.9.0 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0...

CVSS 7.5 | AI score 8.2 | EPSS 0.00565
Exploits 0 | References 1

Cvelist
added 2023/12/20 2:42 p.m. | 25 views

CVE-2023-35876 WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR)

Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Square. This issue affects WooCommerce Square: from n/a through 3.8.1...

CVSS 8.1 | AI score 8.3 | EPSS 0.00735
Exploits 0 | References 1