Lucene search
K

13 matches found

NVD
NVD
added 5 hours ago4 views

CVE-2025-66076

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS
Exploits0References1
Cvelist
Cvelist
added 6 hours ago4 views

CVE-2025-66076 WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Unauthenticated Broken Access Control in Woostify Sites Library = 1.6.2 versions...

5.3CVSS
Exploits0References1
CVE
CVE
added 6 hours ago5 views

CVE-2025-66076

The CVE concerns WordPress Woostify Sites Library plugin (versions ≤ 1.6.2) with an Unauthenticated Broken Access Control vulnerability. The connected documents confirm the affected product and issue type but do not provide a remediation version or explicit exploit details. No further technical s...

5.3CVSS5.8AI score
Exploits0References1
Patchstack
Patchstack
added 3 days ago4 views

WordPress Woostify Sites Library plugin <= 1.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Woostify Sites Library versions = 1.6.2...

5.3CVSS5.8AI score
Exploits0Affected Software1
NVD
NVD
added 2024/01/29 3:15 p.m.10 views

CVE-2023-6279

The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...

7.1CVSS6.9AI score0.00493EPSS
Exploits2References1
OSV
OSV
added 2024/01/29 3:15 p.m.3 views

CVE-2023-6279

The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...

7.1CVSS7.4AI score0.00493EPSS
Exploits2References1
Prion
Prion
added 2024/01/29 3:15 p.m.22 views

Code injection

The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...

5.5CVSS7AI score0.00493EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.4 views

CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS

The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...

6.8AI score0.00493EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/01/29 2:44 p.m.26 views

CVE-2023-6279 Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS

The Woostify Sites Library WordPress plugin before 1.4.8 does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name...

7AI score0.00493EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/01/29 12:0 a.m.4 views

WordPress plugin Woostify Sites Library security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

7.1CVSS6.2AI score0.00493EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.5 views

PT-2024-14923 · WordPress · Woostify Sites Library

Name of the Vulnerable Software and Affected Versions: Woostify Sites Library WordPress plugin versions prior to 1.4.8 Description: The issue concerns a lack of authorization in an AJAX action, allowing any authenticated users to update arbitrary blog options and set them to 'activated'. This cou...

7.1CVSS7.3AI score0.00493EPSS
Exploits2References5
wpexploit
wpexploit
added 2024/01/05 12:0 a.m.166 views

Woostify Sites Library < 1.4.8 - Subscriber+ Arbitrary Options Update to DoS

Description The plugin does not have authorisation in an AJAX action, allowing any authenticated users, such as subscriber to update arbitrary blog options and set them to 'activated' which could lead to DoS when using a specific option name Login as subscriber, open...

7.1CVSS6.7AI score0.00493EPSS
Exploits2
Patchstack
Patchstack
added 2023/03/21 12:0 a.m.14 views

WordPress Woostify Sites Library Plugin <= 1.4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Woostify Sites Library Type Plugin Vulnerable versions = 1.4.3 Fixed in 1.4.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47150 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4828367192f4 Credits István Márto...

5.8AI score0.00113EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder