Lucene search
+L

31 matches found

Patchstack
Patchstack
added 2021/09/20 12:0 a.m.19 views

WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Content Types plugin versions = 1.8.6. Solution Update the WordPress Essential Content Types plugin to the latest available version at least 1.9...

5.7CVSS3.5AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.16 views

WordPress Catch Import Export plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Import Export plugin versions = 1.8. Solution Update the WordPress Catch Import Export plugin to the latest available version at least 1.9...

5.7CVSS3.1AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.87 views

WordPress Catch Sticky Menu plugin <= 1.6.3 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Sticky Menu plugin versions = 1.6.3. Solution Update the WordPress Catch Sticky Menu plugin to the latest available version at least 1.7...

5.7CVSS3AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.29 views

WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions = 1.8. Solution Update the WordPress Essential Widgets plugin to the latest available version at least 1.9...

5.7CVSS3.5AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.21 views

WordPress To Top plugin <= 2.2.2 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress To Top plugin versions = 2.2.2. Solution Update the WordPress To Top plugin to the latest available version at least 2.3...

5.7CVSS2.5AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.19 views

WordPress Catch Under Construction plugin <= 1.3.4 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Under Construction plugin versions = 1.3.4. Solution Update the WordPress Catch Under Construction plugin to the latest available version at least 1.4...

5.7CVSS3.3AI score0.00408EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/09/20 12:0 a.m.17 views

WordPress Catch Scroll Progress Bar plugin <= 1.5 - Unauthorized Plugin Setting Change vulnerability

Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Scroll Progress Bar plugin versions = 1.5. Solution Update the WordPress Catch Scroll Progress Bar plugin to the latest available version at least 1.6...

5.7CVSS2.6AI score0.00408EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/09/15 12:0 a.m.18 views

Compact WP Audio Player < 1.9.7 - Setting Change via CSRF

The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack. PoC...

6.5CVSS4.2AI score0.00553EPSS
Exploits2Affected Software1
Cvelist
Cvelist
added 2017/11/17 12:0 a.m.28 views

CVE-2017-1000224

CSRF in YouTube WordPress plugin could allow unauthenticated attacker to change any setting within the plugin...

6.5AI score0.00524EPSS
Exploits1References1
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2016/04/04 6:30 a.m.4 views

AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery

Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...

5.8CVSS6.5AI score0.00763EPSS
Exploits0References5
Hacker One
Hacker One
added 2015/02/05 2:57 p.m.21 views

Slack: Team admin can change unauthorized team setting (allow_message_deletion)

Team admin can escalate his privileges and change 'allowmessagedeletion' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin. 2. Send the below request using his cookie & token and notice that it changes 'allowmessagedeletion' team setting to true...

0.3AI score
Exploits0
Rows per page
Query Builder