Lucene search
K

50 matches found

Patchstack
Patchstack
added 2024/04/02 2:2 a.m.4 views

WordPress SecuPress plugin <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address vulnerability

Cross-Site Request Forgery to Banned IP Address vulnerability discovered by Lucio Sá in WordPress Plugin SecuPress Free versions = 2.2.5.1...

4.3CVSS7AI score0.00261EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/02 12:0 a.m.4 views

PT-2024-18097 · WordPress · Secupress Free

Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the secupress blackhole ban ip function. This...

4.3CVSS9.3AI score0.00261EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/04/02 12:0 a.m.8 views

WordPress SecuPress Free Plugin <= 2.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software SecuPress Free Type Plugin Vulnerable versions = 2.2.5.1 Fixed in 2.2.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1504 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3f0f4ee5647 Credits Lucio Sá Required...

4.3CVSS6.6AI score0.00261EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/04/02 12:0 a.m.5 views

WordPress Plugin SecuPress Free — WordPress Security 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin SecuPress Free - A securit...

4.3CVSS8.3AI score0.00261EPSS
Exploits0References4
WPVulnDB
WPVulnDB
added 2024/04/01 12:0 a.m.20 views

SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address

Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...

4.3CVSS6.8AI score0.00261EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2021/04/21 12:0 a.m.8 views

WordPress iThemes Security Pro premium plugin <= 6.8.3 - Hide Backend Bypass vulnerability

Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security Pro premium plugin versions = 6.8.3. Solution Update the WordPress iThemes Security Pro premium plugin to the latest available version at least 6.8.4...

2.3AI score
Exploits0References1Affected Software1
wpexploit
wpexploit
added 2021/04/21 12:0 a.m.319 views

iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass

Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...

7.4AI score
Exploits0References2
Patchstack
Patchstack
added 2021/04/21 12:0 a.m.15 views

WordPress iThemes Security plugin <= 7.9.0 - Hide Backend Bypass vulnerability

Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security plugin versions = 7.9.0. Solution Update the WordPress iThemes Security plugin to the latest available version at least 7.9.1...

1.9AI score
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2021/03/23 12:0 a.m.10 views

SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban

The SecuPress WordPress plugin, both free and pro, versions less than 2.0, were affected by a flaw that allowed unauthenticated users to ban any IP on a site that had the plugin installed, making it impossible for them to visit the site. Effectively causing a Denial of Service DoS to the banned I...

4.7AI score
Exploits0References1Affected Software2
Patchstack
Patchstack
added 2020/06/03 12:0 a.m.10 views

WordPress Newspaper premium theme <= 10.3.3 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability

Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Julio Potier Secupress in WordPress Newspaper premium theme versions = 10.3.3. Solution Update the WordPress Newspaper premium theme to the latest available version at least 10.3.4...

2.3AI score
Exploits0References2Affected Software1
Rows per page
Query Builder