Lucene search
K

12 matches found

Patchstack
Patchstack
added 2024/04/01 4:7 a.m.5 views

WordPress Pocket News Generator plugin <= 0.2.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin Pocket News Generator versions = 0.2.0...

5.4CVSS8.4AI score0.00187EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/01 12:0 a.m.10 views

WordPress Pocket News Generator Plugin <= 0.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software Pocket News Generator Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2964 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ea8a99346fee Credits Benedictus Jovan...

5.4CVSS6.6AI score0.00187EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/29 9:12 a.m.5 views

WordPress Pocket News Generator plugin <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability

Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin Pocket News Generator versions = 0.2.0...

4.8CVSS6.5AI score0.00322EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/29 7:15 a.m.4 views

CVE-2024-2964

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00187EPSS
Exploits0References2
OSV
OSV
added 2024/03/29 7:15 a.m.6 views

CVE-2024-2963

The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

4.8CVSS5.9AI score0.00322EPSS
Exploits0References2
NVD
NVD
added 2024/03/29 7:15 a.m.16 views

CVE-2024-2964

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...

5.4CVSS5.1AI score0.00187EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/29 6:44 a.m.29 views

CVE-2024-2964 Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...

5.4CVSS5.4AI score0.00187EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.5 views

WordPress Plugin Pocket News Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.8CVSS7.6AI score0.00322EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/29 12:0 a.m.4 views

WordPress Plugin Pocket News Generator 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.4CVSS7.9AI score0.00187EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/03/29 12:0 a.m.15 views

WordPress Pocket News Generator Plugin <= 0.2.0 is vulnerable to Cross Site Scripting (XSS)

Software Pocket News Generator Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2963 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 560f4a5e6385 Credits Benedictus Jovan...

4.8CVSS5.8AI score0.00322EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.6 views

PT-2024-22944 · WordPress · Pocket News Generator

Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the option page function. This allows...

5.4CVSS9.2AI score0.00187EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/28 12:0 a.m.17 views

PT-2024-22943 · WordPress · Pocket News Generator

Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically Consumer Key and Access Token, due to insufficient input...

4.8CVSS8AI score0.00322EPSS
Exploits0References5
Rows per page
Query Builder