Lucene search
K

29 matches found

CVE
CVE
added 2024/10/23 7:34 a.m.53 views

CVE-2024-10045

CVE-2024-10045 affects the WordPress plugin Transients Manager (versions

4.3CVSS4.6AI score0.00207EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/10/23 12:0 a.m.3 views

WordPress plugin Transients Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.8AI score0.00207EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/23 12:0 a.m.6 views

PT-2024-15993 · WordPress · Transients Manager

Name of the Vulnerable Software and Affected Versions: Transients Manager plugin for WordPress version 2.0.6 and earlier Description: The issue is due to missing or incorrect nonce validation on the process actions function, making it possible for unauthenticated attackers to delete transients vi...

4.3CVSS6.8AI score0.00207EPSS
Exploits0References7
Patchstack
Patchstack
added 2024/10/22 8:16 p.m.5 views

WordPress Transients Manager plugin <= 2.0.6 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by David Gallagher BatFeats in WordPress Plugin Transients Manager versions = 2.0.6...

4.3CVSS7AI score0.00207EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/22 12:0 a.m.11 views

WordPress Transients Manager Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)

Software Transients Manager Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-10045 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3cec6ef3dda4 Credits David Gallagher...

4.3CVSS6.6AI score0.00207EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization

Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tpfdeletetransient function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...

8.8CVSS6.7AI score0.0043EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/02/05 10:16 p.m.3 views

CVE-2024-0835

The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...

4.3CVSS5.9AI score0.00533EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/02/05 12:0 a.m.5 views

PT-2024-15854 · WordPress · The Royal Elementor Kit

Name of the Vulnerable Software and Affected Versions: The Royal Elementor Kit theme for WordPress versions up to, and including, 1.0.116 Description: The issue arises from a missing capability check on the dismissed handler function, allowing authenticated attackers with subscriber access or...

4.3CVSS5.5AI score0.00533EPSS
Exploits0References7
CVE
CVE
added 2022/12/12 5:54 p.m.54 views

CVE-2022-3881

CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...

5.7CVSS5.6AI score0.00438EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder