Lucene search
+L

1352 matches found

Prion
Prion
added 2023/03/07 4:15 p.m.24 views

Design/Logic Flaw

The NEX-Forms. plugin for WordPress is vulnerable to unauthorized disclosure and modification of data in versions up to, and including 7.7.1 due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber level permissions and above to...

6.5CVSS6AI score0.00554EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/07 3:15 p.m.8 views

CVE-2022-4931

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.8AI score0.00458EPSS
Exploits0References2
NVD
NVD
added 2023/03/07 3:15 p.m.25 views

CVE-2022-4931

The BackupWordPress plugin for WordPress is vulnerable to information disclosure in versions up to, and including 3.12. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS4.2AI score0.00458EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/03/07 3:15 p.m.4 views

CVE-2022-4932

The Total Upkeep plugin for WordPress is vulnerable to information disclosure in versions up to, and including 1.14.13. This is due to missing authorization on the heartbeatreceived function that triggers on WordPress heartbeat. This makes it possible for authenticated attackers, with...

4.3CVSS5.9AI score0.00572EPSS
Exploits0References3
NVD
NVD
added 2023/03/07 2:15 p.m.13 views

CVE-2020-36668

The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to sensitive information disclosure in versions up to, and including, 1.4.0 due to a lack of proper capability checking on the backupguardgetmanualmodal function called via an AJAX action. This makes it possible for...

4.3CVSS4.2AI score0.00639EPSS
Exploits0References3
Prion
Prion
added 2023/02/28 1:15 p.m.23 views

Design/Logic Flaw

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4CVSS4.3AI score0.00576EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/02/28 12:56 p.m.11 views

CVE-2023-1022 WP Meta SEO <= 4.5.3 - Missing Authorization in 'wpmsGGSaveInformation'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized options update due to a missing capability check on the wpmsGGSaveInformation function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to update google...

5.4CVSS6.6AI score0.00559EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:56 p.m.8 views

CVE-2023-1023 WP Meta SEO <= 4.5.3 - Missing Authorization in 'saveSitemapSettings'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change...

5.4CVSS6.6AI score0.00538EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/02/28 12:56 p.m.8 views

CVE-2023-1024 WP Meta SEO <= 4.5.3 - Missing Authorization in 'regenerateSitemaps'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...

4.3CVSS6.6AI score0.00538EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/28 12:55 p.m.31 views

CVE-2023-1026 WP Meta SEO <= 4.5.3 - Missing Authorization in 'listPostsCategory'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the listPostsCategory function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to get post listings by...

4.3CVSS4.6AI score0.00576EPSS
Exploits0References3
Cvelist
Cvelist
added 2023/02/28 12:54 p.m.28 views

CVE-2023-1027 WP Meta SEO <= 4.5.3 - Missing Authorization in 'checkAllCategoryInSitemap'

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the checkAllCategoryInSitemap function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to obtain post...

4.3CVSS4.5AI score0.00486EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/02/08 2:15 a.m.9 views

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

4.3CVSS5.8AI score0.00576EPSS
Exploits0References3
OSV
OSV
added 2023/02/08 2:15 a.m.8 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0715

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0684

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2023/02/08 1:11 a.m.11 views

CVE-2023-0715 Wicked Folders <= 2.18.16 - Missing Authorization on ajax_clone_folder

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS6.6AI score0.00576EPSS
Exploits0References3
Prion
Prion
added 2023/02/08 12:15 a.m.19 views

Authorization

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4CVSS4.4AI score0.00588EPSS
Exploits0References3Affected Software1
ATTACKERKB
ATTACKERKB
added 2023/02/07 11:15 p.m.3 views

CVE-2023-0712

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00601EPSS
Exploits0References4
Rows per page
Query Builder