Lucene search
K

71 matches found

Patchstack
Patchstack
added 2025/02/18 11:40 p.m.5 views

WordPress WordPress Portfolio Builder plugin <= 1.1.7 - Missing Authorization to Unauthenticated Portfolio Update vulnerability

Missing Authorization to Unauthenticated Portfolio Update vulnerability discovered by shaman0x01 in WordPress Plugin WordPress Portfolio Builder – Portfolio Gallery versions = 1.1.7...

5.3CVSS7AI score0.00449EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2025/01/31 10:51 p.m.4 views

WordPress AnimateGL Animations for WordPress – Elementor & Gutenberg Blocks Animations plugin <= 1.4.23 - Missing Authorization to Unauthenticated Settings Update vulnerability

Missing Authorization to Unauthenticated Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin AnimateGL - Advanced Animation Plugin for WordPress versions = 1.4.23...

5.3CVSS7AI score0.00295EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/10/10 5:15 p.m.5 views

WordPress Linkz.ai plugin <= 1.1.8 - Missing Authorization to Unauthenticated Plugin Settings Update vulnerability

Missing Authorization to Unauthenticated Plugin Settings Update vulnerability discovered by István Márton in WordPress Plugin Linkz.ai versions = 1.1.8...

6.5CVSS7AI score0.00435EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/20 12:14 a.m.3 views

WordPress GiveWP plugin <= 3.13.0 - Missing Authorization to Unauthenticated Event Settings Update vulnerability

Missing Authorization to Unauthenticated Event Settings Update vulnerability discovered by villu164 in WordPress Plugin GiveWP versions = 3.13.0...

6.5CVSS7AI score0.00466EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/17 5:27 p.m.5 views

WordPress Ibtana plugin <= 1.2.3.3 - Unauthenticated Plugin Settings Update vulnerability

Unauthenticated Plugin Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin Ibtana versions = 1.2.3.3...

5.3CVSS7AI score0.0046EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/05/05 11:29 p.m.10 views

WordPress Swift Framework plugin <= 2.7.31 - Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability

Missing Authorization to Unauthenticated Arbitrary Content Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Swift Framework versions = 2.7.31...

5.3CVSS7AI score0.00377EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:46 a.m.5 views

WordPress Relevanssi Premium plugin <= 2.25.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability

Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi Premium versions = 2.25.1...

8.2CVSS7AI score0.0081EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/04/05 12:45 a.m.6 views

WordPress Relevanssi plugin <= 4.22.1 - Missing Authorization to Unauthenticated Count Option Update vulnerability

Missing Authorization to Unauthenticated Count Option Update vulnerability discovered by Thura Moe Myint mgthuramoemyint in WordPress Plugin Relevanssi versions = 4.22.1...

8.2CVSS7AI score0.0081EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/03/12 10:15 a.m.3 views

CVE-2023-4628

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...

4.3CVSS5.6AI score0.0021EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/01/10 12:0 a.m.24 views

EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

Description The plugins do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata. Note: Such issue could lead to Unauthenticated Stored XSS due to the lack of sanitisation in...

6.1CVSS5.9AI score0.00373EPSS
Exploits1Affected Software1
WPVulnDB
WPVulnDB
added 2023/12/13 12:0 a.m.18 views

CAOS < 4.7.15 - Unauthenticated Settings Update

Description The plugin does not have authorisation check when updating its settings, which could allow unauthenticated users to update them...

6.5CVSS6.8AI score0.00542EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2023/07/01 6:15 a.m.4 views

CVE-2021-4401

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...

8.8CVSS5.6AI score0.00536EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2023/07/01 12:0 a.m.4 views

PT-2023-12510 · WordPress · Amministrazione Trasparente

Name of the Vulnerable Software and Affected Versions: Amministrazione Trasparente plugin for WordPress versions up to, and including, 7.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the at save aturl meta function. This allows...

8.8CVSS4.4AI score0.00393EPSS
Exploits0References12
OSV
OSV
added 2023/06/07 2:15 a.m.4 views

CVE-2020-36731

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

6.1CVSS5.8AI score0.01342EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2023/06/07 1:51 a.m.9 views

CVE-2020-36731 Flexible Checkout Fields for WooCommerce <= 2.3.1 - Unauthenticated Arbitrary Plugin Settings Update

The Flexible Checkout Fields for WooCommerce plugin for WordPress is vulnerable to Unauthenticated Arbitrary Plugin Settings update, in addition to Stored Cross-Site Scripting in versions up to, and including, 2.3.1. This is due to missing authorization checks on the updateSettingsAction function...

7.2CVSS6.4AI score0.01342EPSS
Exploits1References3
CNNVD
CNNVD
added 2022/11/16 12:0 a.m.4 views

BACKCLICK 路径遍历漏洞

BACKCLICK is a marketing software from BACKCLICK Germany that helps organizations create, implement, measure and run web-based email campaigns. A security vulnerability exists in BACKCLICK Professional version 5.9.63 that stems from improper validation or cleanup of uploaded filenames, where an...

9.8CVSS8.2AI score0.01877EPSS
Exploits1References4
WPVulnDB
WPVulnDB
added 2022/08/25 12:0 a.m.18 views

Alphabetic Pagination < 3.0.8 - Unauthenticated Arbitrary Option Update

The plugin does not have any proper authorisation in place when updating some settings via a REST endpoint, and does not ensure that the options to be updated belong to the plugin. As a result, unauthenticated attackers could update arbitrary option from the blog and allow registration with a...

4.2AI score
Exploits0Affected Software1
Positive Technologies
Positive Technologies
added 2022/07/21 12:0 a.m.6 views

PT-2022-22178 · WordPress · Shortcode Addons

Name of the Vulnerable Software and Affected Versions: biplob018's Shortcode Addons plugin versions 3.0.2 and earlier Description: The issue is related to an Unauthenticated Arbitrary Option Update vulnerability. This allows for unauthorized modifications to options. Recommendations: For versions...

9.8CVSS5.1AI score0.02654EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2022/05/10 5:52 p.m.392 views

Exploit for Download of Code Without Integrity Check in Emcosoftware Msi_Package_Builder

CVE-2022-28944 EMCO Software Multiple Products Unauthenticat...

8.8CVSS9AI score0.01689EPSS
Exploits2
ATTACKERKB
ATTACKERKB
added 2022/05/02 4:15 p.m.4 views

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

8.8CVSS7.7AI score0.13329EPSS
Exploits2References3
Rows per page
Query Builder