Lucene search
K

80 matches found

NVD
NVD
added 2023/06/09 6:15 a.m.32 views

CVE-2023-1016

The Intuitive Custom Post Order plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.1.4.1, due to insufficient escaping on the user supplied 'objects' and 'tags' parameters and lack of sufficient preparation in the 'updateoptions' function as well as the...

7.2CVSS6.7AI score0.00971EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/09 12:0 a.m.16 views

PT-2023-16691 · WordPress · Intuitive Custom Post Order

Name of the Vulnerable Software and Affected Versions: Intuitive Custom Post Order plugin for WordPress versions up to, and including, 3.1.3 Description: The issue arises from insufficient escaping on the user-supplied objects and tags parameters and a lack of sufficient preparation in the update...

7.2CVSS7.1AI score0.00971EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/06/03 2:15 a.m.4 views

CVE-2023-0584

The VK Blocks plugin for WordPress is vulnerable to improper authorization via the REST 'updateoptions' function in versions up to, and including, 1.57.0.5. This allows authenticated attackers, with contributor-level permissions or above, to change the 'vkfontawesomeversion' option to an arbitrar...

4.3CVSS6.7AI score0.00508EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/06/03 12:0 a.m.9 views

PT-2023-16383 · WordPress · Vk Blocks

Name of the Vulnerable Software and Affected Versions: VK Blocks plugin for WordPress versions up to, and including, 1.57.0.5 Description: The issue concerns improper authorization via the REST update options function. This allows authenticated attackers with contributor-level permissions or abov...

4.3CVSS5.6AI score0.00508EPSS
Exploits0References6
OSV
OSV
added 2023/04/17 1:15 p.m.7 views

CVE-2023-0889

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

6.5CVSS7AI score0.00301EPSS
Exploits2References1
OSV
OSV
added 2022/11/07 10:15 a.m.5 views

CVE-2022-3451

The Product Stock Manager WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks in multiple AJAX actions, allowing users with a role as low as subscriber to call them. One action in particular could allow to update arbitrary options...

4.3CVSS5.9AI score0.00264EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/11/07 12:0 a.m.7 views

PT-2022-22186 · WordPress · Product Stock Manager

Name of the Vulnerable Software and Affected Versions: Product Stock Manager WordPress plugin version 1.0.4 and earlier Description: The issue affects the Product Stock Manager WordPress plugin, where multiple AJAX actions lack proper authorization and CSRF checks. This allows users with a role a...

4.3CVSS4.7AI score0.00264EPSS
Exploits2References5
CNNVD
CNNVD
added 2022/10/11 12:0 a.m.7 views

WordPress plugin Profile Builder 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

4.3CVSS5AI score0.0024EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2022/08/08 2:15 p.m.6 views

CVE-2022-1323

The Discy WordPress theme before 5.0 lacks authorization checks then processing ajax requests to the discyupdateoptions action, allowing any logged in users with privileges as low as Subscriber, to change Theme options by sending a crafted POST request...

6.5CVSS6.5AI score0.00645EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/08/08 12:0 a.m.13 views

PT-2022-13797 · WordPress · Discy

Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0 Description: The issue allows any logged-in users, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...

6.5CVSS6.4AI score0.00645EPSS
Exploits2References5
OSV
OSV
added 2022/05/02 4:15 p.m.4 views

CVE-2022-0952

The Sitemap by click5 WordPress plugin before 1.0.36 does not have authorisation and CSRF checks when updating options via a REST endpoint, and does not ensure that the option to be updated belongs to the plugin. As a result, unauthenticated attackers could change arbitrary blog options, such as...

8.8CVSS7.4AI score0.13329EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/05/02 12:0 a.m.6 views

PT-2022-6789 · Click5 · Sitemap

Name of the Vulnerable Software and Affected Versions: Sitemap by click5 WordPress plugin versions prior to 1.0.36 Description: The issue is related to the lack of authorization and CSRF checks when updating options via a REST endpoint, and the failure to ensure that the option to be updated...

10CVSS8.6AI score0.13329EPSS
Exploits2References9
CNNVD
CNNVD
added 2022/01/18 12:0 a.m.6 views

WordPress plugin 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an open source application plugin for WordPress. The WordPress plugin suffers from a cross-site reques...

8.8CVSS8.1AI score0.0082EPSS
Exploits2References6
The Hacker News
The Hacker News
added 2021/09/23 11:16 a.m.70 views

Why You Should Consider QEMU Live Patching

Sysadmins know what the risks are of running unpatched services. Given the choice, and unlimited resources, most hardworking administrators will ensure that all systems and services are patched consistently. But things are rarely that simple. Technical resources are limited, and patching can ofte...

7.7CVSS7.1AI score0.15275EPSS
Exploits1
wpexploit
wpexploit
added 2021/07/14 12:0 a.m.156 views

Current Book <= 1.0.1 - Authenticated Stored Cross-Site Scripting (XSS)

The plugin does not sanitize user input when an authenticated user adds Author or Book Title, then does not escape these values when outputting to the browser leading to an Authenticated Stored XSS Cross-Site Scripting issue. 1. Install WordPress 5.7.2 2. Install and activate Custom Book 3...

3.5CVSS5.2AI score0.0062EPSS
Exploits2References1
OSV
OSV
added 2019/08/09 2:15 p.m.3 views

CVE-2019-14796

The mq-woocommerce-products-price-bulk-edit aka Woocommerce Products Price Bulk Edit plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=updateoptions showproductspagelimit parameter...

5.4CVSS6.1AI score0.01035EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2019/08/09 12:0 a.m.5 views

PT-2019-13841 · Woocommerce · Mq-Woocommerce-Products-Price-Bulk-Edit

Name of the Vulnerable Software and Affected Versions: mq-woocommerce-products-price-bulk-edit plugin version 2.0 Description: The issue allows for XSS via the "wp-admin/admin-ajax.php?action=update options" API endpoint, specifically through the show products page limit parameter. Recommendation...

5.4CVSS5.2AI score0.01035EPSS
Exploits1References5
OSV
OSV
added 2019/01/27 2:29 a.m.5 views

CVE-2019-6703

Incorrect access control in miglaajaxfunctions.php in the Calmar Webmedia Total Donations plugin through 2.0.5 for WordPress allows unauthenticated attackers to update arbitrary WordPress option values, leading to site takeover. These attackers can send requests to wp-admin/admin-ajax.php to call...

9.8CVSS7.3AI score
Exploits0References2
Prion
Prion
added 2014/09/26 9:55 p.m.12 views

Cross site scripting

Cross-site scripting XSS vulnerability in the Easy MailChimp Forms plugin 3.0 through 5.0.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via the updateoptions action to wp-admin/admin-ajax.php...

4.3CVSS6.2AI score0.0195EPSS
Exploits1References2Affected Software1
Redos
Redos
added 1976/01/01 12:0 a.m.17 views

ROS-2-2353

2.2353 Notice of Update for RED OS Operating System RU.29926343.02.01-25 REDO SOFT LLC announces that the testing process for RED OS 8 has been completed, and the certified distribution version of RED OS 8 is now available. If you have questions regarding the purchase of a new installation kit...

5.8AI score
Exploits0
Rows per page
Query Builder