297 matches found
CVE-2024-2702
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a through 1.1.1...
CVE-2024-2702 WordPress Olive One Click Demo Import plugin <= 1.1.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import allows importing settings and data, ultimately leading to XSS. This issue affects Olive One Click Demo Import: from n/a through 1.1.1...
CVE-2024-2702
CVE-2024-2702 covers Olive One Click Demo Import (Olive Themes) with Missing Authorization that enables importing settings/data and leads to XSS on versions up to 1.1.1. Public sources confirm a patch in 1.1.2. Remediation: upgrade to Olive One Click Demo Import 1.1.2 or apply vendor-provided fix...
WordPress Plugin Olive One Click Demo Import Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Olive One Click Demo Import Plugin <= 1.1.1 is vulnerable to Broken Access Control
Software: Olive One Click Demo Import; Type: Plugin; Vulnerable versions: <= 1.1.1; Fixed in: 1.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-2702; Patch priority: High; CVSS severity: High 8.2; PSID: 277d1e4e3b86; Credits: Yudistira Arya...
CVE-2024-21749
Cross-Site Request Forgery (CSRF) vulnerability in Atakan Au 1 click disable all. This issue affects 1 click disable all: from n/a through 1.0.1...
WordPress Plugin 1 click disable all Cross Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
Pegasus Spyware Targeted iPhones of Journalists and Activists in Jordan
The iPhones belonging to nearly three dozen journalists, activists, human rights lawyers, and civil society members in Jordan have been targeted with NSO Group's Pegasus spyware, according to joint findings from Access Now and the Citizen Lab. Nine of the 35 individuals have been publicly confirm...
CVE-2024-23507
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9...
PT-2024-19909 · WordPress · Instawp Connect
Name of the Vulnerable Software and Affected Versions: InstaWP Connect – 1-click WP Staging & Migration versions 0.1.0.9 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for...
CVE-2024-23506
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in InstaWP Team InstaWP Connect – 1-click WP Staging & Migration. This issue affects InstaWP Connect – 1-click WP Staging & Migration: from n/a through 0.1.0.9...
CVE-2023-29102
Unrestricted Upload of File with Dangerous Type vulnerability in Olive Themes Olive One Click Demo Import. This issue affects Olive One Click Demo Import: from n/a through 1.1.1...
CVE-2023-29102
CVE-2023-29102 describes an Unrestricted Upload of File with Dangerous Type in the WordPress plugin Olive One Click Demo Import. Affected versions include up to 1.1.1 (some sources cite
WordPress Plugin Olive One Click Demo Import Code Issue Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Plugin Waiting: One-click countdowns Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin Waiting: One-click...
WordPress plugin Waiting: One-click countdowns Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress Olive One Click Demo Import Plugin <= 1.1.2 is vulnerable to Arbitrary File Upload
Software: Olive One Click Demo Import; Type: Plugin; Vulnerable versions: <= 1.1.2; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Arbitrary File Upload; CVE: CVE-2023-29102; Patch priority: Low; CVSS severity: Low 9.1; PSID: c225fdbdb389; Credits: deokhunKim; Required privilege...
WordPress One Click Login Plugin <= 1.24.0 is vulnerable to Cross Site Scripting (XSS)
Software: One Click Login; Type: Plugin; Vulnerable versions: <= 1.24.0; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: 2aa3a0f8b2a9; Credits: Rafie Muhammad Patchstack; Require...