Lucene search
K

363 matches found

Prion
Prion
added 2023/10/28 12:15 p.m.12 views

Design/Logic Flaw

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

5CVSS7.5AI score0.00468EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/10/28 11:6 a.m.30 views

CVE-2023-5426 Post Meta Data Manager <=1.2.0 - Missing Authorization to User, Term, and Post Meta Deletion

The Post Meta Data Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pmdmwpdeleteusermeta, pmdmwpdeletetermmeta, and pmdmwpajaxdeletemeta functions in versions up to, and including, 1.2.0. This makes it possible for...

7.5CVSS7.5AI score0.00468EPSS
Exploits0References2
CVE
CVE
added 2023/10/28 11:6 a.m.55 views

CVE-2023-5426

CVE-2023-5426 affects the WordPress plugin Post Meta Data Manager (versions ≤ 1.2.0). A missing capability check in functions pmdm_wp_delete_user_meta, pmdm_wp_delete_term_meta, and pmdm_wp_ajax_delete_meta allows unauthenticated attackers to delete user, term, and post meta belonging to arbitrar...

7.5CVSS7.5AI score0.00468EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2023/10/28 12:0 a.m.14 views

WordPress plugin Post Meta Data Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

8.8CVSS6.8AI score0.00536EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/10/28 12:0 a.m.2 views

WordPress plugin Post Meta Data Manager security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...

7.5CVSS6.7AI score0.00468EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.4 views

PT-2023-6743 · WordPress · Post Meta Data Manager

Name of the Vulnerable Software and Affected Versions: Post Meta Data Manager plugin for WordPress versions up to, and including, 1.2.0 Description: The issue is related to incorrect authorization procedures in the pmdm wp delete user meta, pmdm wp delete term meta, and pmdm wp ajax delete meta...

7.8CVSS7.8AI score0.00468EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.8 views

PT-2023-6744 · WordPress · Post Meta Data Manager

Name of the Vulnerable Software and Affected Versions: Post Meta Data Manager plugin for WordPress version 1.2.0 and earlier Description: The issue is related to a missing capability check on the pmdm wp change user meta and pmdm wp change post meta functions. This allows authenticated attackers...

9CVSS9AI score0.00536EPSS
Exploits0References10
Patchstack
Patchstack
added 2023/10/27 12:0 a.m.17 views

WordPress Post Meta Data Manager Plugin <= 1.2.0 is vulnerable to Broken Access Control

Software Post Meta Data Manager Type Plugin Vulnerable versions = 1.2.0 Fixed in 1.2.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-5426 Patch priority Medium CVSS severity Medium 7.5 Developer Claim ownership PSID a003d34ca1b2 Credits Francesco Carlucc...

7.5CVSS6.5AI score0.00468EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/10/20 8:15 a.m.22 views

CVE-2020-36758

The RSS Aggregator by Feedzy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.2. This is due to missing or incorrect nonce validation on the savefeedzyposttypemeta function. This makes it possible for unauthenticated attackers to update post...

4.3CVSS4.2AI score0.00397EPSS
Exploits1References9
NVD
NVD
added 2023/07/01 6:15 a.m.16 views

CVE-2021-4396

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the savercpostmeta function. This makes it possible for unauthenticated attackers to save post meta via a forged request grant...

4.3CVSS4.2AI score0.00393EPSS
Exploits0References9
OSV
OSV
added 2023/07/01 6:15 a.m.2 views

CVE-2021-4396

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the savercpostmeta function. This makes it possible for unauthenticated attackers to save post meta via a forged request grant...

4.3CVSS5.6AI score0.00393EPSS
Exploits0References9
OSV
OSV
added 2023/06/07 2:15 a.m.5 views

CVE-2021-4351

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...

5.3CVSS5.8AI score0.00684EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/06/07 1:51 a.m.32 views

CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change

The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...

5.8CVSS5.9AI score0.00684EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2023/06/07 12:0 a.m.5 views

PT-2023-12460 · WordPress · Frontend File Manager

Name of the Vulnerable Software and Affected Versions: Frontend File Manager plugin for WordPress versions up to and including 18.2 Description: The issue arises from lacking authentication protections, capability checks, and sanitization on the wpfm file meta update AJAX action. This allows...

5.8CVSS5.5AI score0.00684EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.4 views

PT-2023-17152 · WordPress · Display Post Meta

Name of the Vulnerable Software and Affected Versions: Display post meta, term meta, comment meta, and user meta plugin for WordPress versions up to, and including, 0.4.1 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with...

6.4CVSS6.3AI score0.00368EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2023/05/25 12:0 a.m.16 views

Google Map Shortcode <= 3.1.2 - Contributor+ Stored XSS

The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admin PoC Note: The...

5.4CVSS8.3AI score0.00444EPSS
Exploits2Affected Software1
OSV
OSV
added 2023/02/06 8:15 p.m.4 views

CVE-2023-0144

The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

5.4CVSS6.1AI score0.00477EPSS
Exploits2References1
OSV
OSV
added 2023/01/19 3:15 p.m.4 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.4CVSS5.9AI score0.00374EPSS
Exploits2References2
NVD
NVD
added 2023/01/19 3:15 p.m.34 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.4CVSS5.2AI score0.00374EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2023/01/19 3:15 p.m.3 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.4CVSS6AI score0.00374EPSS
Exploits2References3
Rows per page
Query Builder