Lucene search
K

93 matches found

CNNVD
CNNVD
added 2023/07/01 12:0 a.m.6 views

WordPress Plugin Product Catalog Simple 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS5AI score0.00388EPSS
Exploits0References10
OSV
OSV
added 2023/06/07 2:15 a.m.4 views

CVE-2021-4374

The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...

9.8CVSS5.7AI score0.16408EPSS
Exploits3References2
OSV
OSV
added 2023/05/08 2:15 p.m.3 views

CVE-2023-1660

The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...

6.1CVSS6.4AI score0.00269EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/11/28 12:0 a.m.5 views

WordPress theme Download Theme and plugin translation for Polylang 安全漏洞

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Download Theme and plugin translation for Polylang...

6.5CVSS5.8AI score0.00665EPSS
Exploits0References3
OSV
OSV
added 2022/10/11 11:15 a.m.9 views

CVE-2022-36360

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...

7.5CVSS5.7AI score0.00251EPSS
Exploits0References1
Prion
Prion
added 2022/10/11 11:15 a.m.16 views

Design/Logic Flaw

A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...

5CVSS7.3AI score0.00251EPSS
Exploits0References1Affected Software2
OSV
OSV
added 2022/09/26 1:15 p.m.6 views

CVE-2022-2987

The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...

7.5CVSS5.8AI score0.0039EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/08/22 12:0 a.m.4 views

PT-2022-16248 · WordPress · Wp Sticky Button

Name of the Vulnerable Software and Affected Versions: WP Sticky Button WordPress plugin versions prior to 1.4.1 Description: The issue concerns a lack of authorization and CSRF checks when saving settings, allowing unauthenticated users to update them. This could also lead to Stored Cross-Site...

5.4CVSS5.4AI score0.00302EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2022/06/22 12:0 a.m.7 views

PT-2022-3097 · Motorola · Motorola Ace1000 Rtu

Name of the Vulnerable Software and Affected Versions: Motorola ACE1000 RTU through 2022-05-02 Description: The issue concerns the mishandling of firmware integrity in the Motorola ACE1000 RTU. Firmware updates can be performed using either the STS software suite or the ACE1000 Easy Configurator...

10CVSS7.3AI score0.00389EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2022/05/23 12:0 a.m.5 views

PT-2022-2807 · Hid · Hid Mercury Intelligent Controllers

Name of the Vulnerable Software and Affected Versions: HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 versions prior to 1.302 for the LP series and 1.296 for the EP series Description: The issue is related to a flaw in the data protection mechanism of the HID Mercu...

10CVSS9.5AI score0.02323EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2022/03/28 6:15 p.m.5 views

CVE-2022-0680

The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...

6.1CVSS6.3AI score0.00852EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2021/10/25 12:0 a.m.8 views

PT-2021-16273 · WordPress · Wp Debugging

Name of the Vulnerable Software and Affected Versions: WP Debugging WordPress plugin versions prior to 2.11.0 Description: The issue concerns the update settings function, which is hooked to admin init and lacks authorization and CSRF checks. This allows settings to be updated by unauthenticated...

6.5CVSS6.5AI score0.00556EPSS
Exploits2References4
BDU FSTEC
BDU FSTEC
added 2017/12/07 12:0 a.m.8 views

The vulnerability of NPort asynchronous servers, related to deficiencies in authentication procedures, allows attackers to execute arbitrary code.

The vulnerability of Nport asynchronous servers is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by updating the device’s software remotely, without having to go through the authentication process...

10CVSS6AI score0.0719EPSS
Exploits0References3Affected Software18
Rows per page
Query Builder