Lucene search
K

96 matches found

Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.11 views

PT-2024-37846 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables...

7.5CVSS7AI score0.00285EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2024/07/24 12:0 a.m.7 views

PT-2024-37847 · WordPress · Social Auto Poster

Name of the Vulnerable Software and Affected Versions: The Social Auto Poster plugin for WordPress versions up to, and including, 5.3.14 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on multiple functions. This allows unauthenticated...

6.5CVSS6.9AI score0.00166EPSS
Exploits0References7
NVD
NVD
added 2024/07/18 2:15 a.m.35 views

CVE-2024-6175

The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the multiple functions called via AJAX like savefieldssettings, bupdeleteuseravatar, bupcropavataruserprofileimage, and more in a...

5.4CVSS0.00298EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/07/18 12:0 a.m.6 views

PT-2024-37434 · WordPress · Booking Ultra Pro Appointments Booking Calendar Plugin

Name of the Vulnerable Software and Affected Versions: The Booking Ultra Pro Appointments Booking Calendar Plugin plugin for WordPress versions up to, and including, 1.1.13 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify and delete multiple...

5.4CVSS6.7AI score0.00298EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2024/06/22 6:15 a.m.4 views

CVE-2024-5596

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...

6.3CVSS5.9AI score0.00165EPSS
Exploits0References3
CVE
CVE
added 2024/05/16 9:32 a.m.76 views

CVE-2024-4222

CVE-2024-4222 affects the Tutor LMS Pro WordPress plugin. A missing capability check in multiple functions allows unauthenticated attackers to add, modify or delete user meta and plugin options across versions up to 2.7.0. The issue enables unauthorized data access/modification and data loss. Rem...

8.2CVSS6.6AI score0.00329EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/05/16 12:0 a.m.5 views

PT-2024-29795 · WordPress · Tutor Lms Pro

Name of the Vulnerable Software and Affected Versions: Tutor LMS Pro plugin for WordPress versions prior to 2.7.1 Description: The issue allows unauthorized access, modification, and loss of data due to a missing capability check on multiple functions. This enables unauthenticated attackers to ad...

8.2CVSS6.9AI score0.00329EPSS
Exploits0References8
NVD
NVD
added 2024/02/05 10:16 p.m.20 views

CVE-2024-0790

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...

5.4CVSS5.1AI score0.00312EPSS
Exploits0References3
Prion
Prion
added 2024/02/05 10:16 p.m.19 views

Cross site request forgery (csrf)

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...

4.3CVSS6.7AI score0.00312EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2024/02/05 9:21 p.m.13 views

CVE-2024-0790 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...

5.4CVSS6.6AI score0.00312EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/05 9:21 p.m.30 views

CVE-2024-0790 WOLF – WordPress Posts Bulk Editor and Manager Professional <= 1.0.8.1 - Cross-Site Request Forgery

The WOLF – WordPress Posts Bulk Editor and Manager Professional plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.8.1. This is due to missing or incorrect nonce validation on the wpbecreatenewterm, wpbeupdatetaxterm, and wpbedeletetaxterm...

5.4CVSS5.4AI score0.00312EPSS
Exploits0References3
WPVulnDB
WPVulnDB
added 2023/12/19 12:0 a.m.17 views

SpeedyCache < 1.1.4 - Missing Authorization to Plugin Options Update

Description The SpeedyCache plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the speedycachesavevarniship, speedycacheimgupdatesettings, speedycachepreloadingaddsettings, and speedycachepreloadingdeleteresource functions in all versions ...

4.3CVSS6.2AI score0.00358EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.11 views

UserPro < 5.1.2 - Cross-Site Request Forgery via multiple functions

Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta an...

6.3CVSS7AI score0.00178EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/11/22 4:15 p.m.3 views

CVE-2023-6007

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

6.5CVSS5.8AI score0.00349EPSS
Exploits0References2
OSV
OSV
added 2023/11/22 4:15 p.m.3 views

CVE-2023-6008

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

4.3CVSS5.8AI score0.00178EPSS
Exploits0References2
NVD
NVD
added 2023/11/22 4:15 p.m.25 views

CVE-2023-6007

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

7.3CVSS0.00349EPSS
Exploits0References2
Prion
Prion
added 2023/11/22 4:15 p.m.19 views

Design/Logic Flaw

The UserPro plugin for WordPress is vulnerable to unauthorized access of data, modification of data, loss of data due to a missing capability check on multiple functions in all versions up to, and including, 5.1.1. This makes it possible for unauthenticated attackers to add, modify, or delete use...

6.4CVSS7AI score0.00349EPSS
Exploits0References2Affected Software1
Prion
Prion
added 2023/11/22 4:15 p.m.20 views

Cross site request forgery (csrf)

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

4.3CVSS7AI score0.00178EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/11/22 3:33 p.m.39 views

CVE-2023-6008 UserPro <= 5.1.1 - Cross-Site Request Forgery via multiple functions

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

6.3CVSS6.4AI score0.00178EPSS
Exploits0References2
OSV
OSV
added 2023/02/28 1:15 p.m.6 views

CVE-2023-1028

The WP Meta SEO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the setIgnore function. This makes it possible for unauthenticated attackers to update plugin options via a forged...

4.3CVSS5.7AI score0.00316EPSS
Exploits0References3
Rows per page
Query Builder