347 matches found

CNNVD · added 2024/02/05 12:00 a.m. · 5 views

WordPress plugin Display custom fields in the frontend Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 6.8 · EPSS 0.00472 · Exploits 0 · References 3
WPVulnDB · added 2024/01/12 12:00 a.m. · 20 views

Contact Form 7 – Dynamic Text Extension < 4.2.0 - Insecure Direct Object Reference

Description The plugin is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for authenticated attackers with contributor...

CVSS 4.3 · AI score 6.7 · EPSS 0.00349 · Exploits 0 · References 1 · Affected Software 1
NVD · added 2024/01/11 7:15 a.m. · 20 views

CVE-2023-6223

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

CVSS 4.3 · AI score 4.3 · EPSS 0.00347 · Exploits 0 · References 2
Prion · added 2024/01/11 7:15 a.m. · 22 views

Input validation

The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. This makes it possible for authenticated attackers,...

CVSS 4 · AI score 6.8 · EPSS 0.00347 · Exploits 0 · References 2 · Affected Software 1
NVD · added 2024/01/11 5:15 a.m. · 24 views

CVE-2023-6630

The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7getcustomfield and CF7getcurrentuser shortcodes due to missing validation on a user controlled key. This makes it possible for...

CVSS 4.3 · AI score 4.4 · EPSS 0.00349 · Exploits 0 · References 2
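The LearnPress (CVE-2023-6223) and Contact Form 7 DTX (CVE-2023-6630) entries above describe the same defect: an endpoint or shortcode takes an object key from the request and never checks that the calling user is allowed to read that object. The following is an added illustration of the pattern and its fix as a WordPress REST route, written for this listing; it is not code from either plugin, and the namespace `example/v1`, the route paths, the `example_` function names and the `example_enrolled_courses` meta key are assumptions. The same rule applies to the shortcode case: authorize on the session, not on the supplied key.

```php
<?php
// Added example, not LearnPress or CF7 DTX code. Namespace, routes, function
// names and the user-meta key are illustrative assumptions.

add_action( 'rest_api_init', function () {
    // Vulnerable pattern: 'userID' is read straight from the request and the
    // only gate is "some user is logged in", so a subscriber can enumerate
    // other users' data by changing the key.
    register_rest_route( 'example/v1', '/profile/course-tab', array(
        'methods'             => 'GET',
        'callback'            => 'example_course_tab_vulnerable',
        'permission_callback' => 'is_user_logged_in',
    ) );

    // Hardened pattern: the key is typed and sanitized, and the permission
    // callback decides whether *this* caller may view *that* user.
    register_rest_route( 'example/v1', '/profile/course-tab-fixed', array(
        'methods'             => 'GET',
        'callback'            => 'example_course_tab_fixed',
        'permission_callback' => 'example_course_tab_permission',
        'args'                => array(
            'userID' => array(
                'type'              => 'integer',
                'required'          => true,
                'sanitize_callback' => 'absint',
            ),
        ),
    ) );
} );

function example_course_tab_vulnerable( WP_REST_Request $request ) {
    $user_id = (int) $request->get_param( 'userID' ); // attacker-controlled key, no ownership check
    return rest_ensure_response( example_load_course_tab( $user_id ) );
}

// Ownership check: the caller may read their own record, or someone else's
// only if they hold the per-user 'edit_user' meta capability (administrators).
function example_course_tab_permission( WP_REST_Request $request ) {
    $user_id = absint( $request->get_param( 'userID' ) );
    if ( 0 === $user_id ) {
        return new WP_Error( 'rest_invalid_param', 'userID is required.', array( 'status' => 400 ) );
    }
    if ( get_current_user_id() === $user_id || current_user_can( 'edit_user', $user_id ) ) {
        return true;
    }
    return new WP_Error( 'rest_forbidden', 'You may only view your own profile.', array( 'status' => 403 ) );
}

function example_course_tab_fixed( WP_REST_Request $request ) {
    // By the time we get here the permission callback has bound the key to the caller.
    return rest_ensure_response( example_load_course_tab( absint( $request->get_param( 'userID' ) ) ) );
}

// Stand-in data loader (assumption; neither plugin's data layer is shown in the entries).
// Returns the kind of per-user fields an IDOR on such an endpoint would leak.
function example_load_course_tab( $user_id ) {
    $user = get_userdata( $user_id );
    if ( ! $user ) {
        return new WP_Error( 'rest_user_invalid_id', 'Invalid user ID.', array( 'status' => 404 ) );
    }
    return array(
        'user_id' => $user->ID,
        'name'    => $user->display_name,
        'email'   => $user->user_email,
        'courses' => (array) get_user_meta( $user->ID, 'example_enrolled_courses', true ),
    );
}
```

A quick check on any such endpoint: authenticate as a low-privilege user, request `/wp-json/example/v1/profile/course-tab?userID=1`, and confirm the hardened route answers 403 while the vulnerable one returns the administrator's record. Note that `permission_callback` is the right place for the decision: it runs before the handler, and returning a `WP_Error` there yields a proper REST error response rather than a silently empty result.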
CNNVD · added 2023/11/06 12:00 a.m. · 3 views

Netskope Security Vulnerability

Netskope is a threat protection gateway for cloud environments from US-based Netskope. A security vulnerability exists in Netskope Client R100 and prior versions. It stems from a Windows ServiceController call to user-controlled code that does not validate the privileges associated with the user...

CVSS 8.8 · AI score 6.9 · EPSS 0.0038 · Exploits 0 · References 2
Prion · added 2023/10/16 9:15 a.m. · 22 views

Design/Logic Flaw

Grafana is an open-source platform for monitoring and observability. The vulnerability impacts Grafana instances with several organizations, and allows a user with Organization Admin permissions in one organization to change the permissions associated with Organization Viewer, Organization Editor...

CVSS 5.8 · AI score 6.8 · EPSS 0.01074 · Exploits 0 · References 2 · Affected Software 1
Huntr · added 2023/10/14 8:28 p.m. · 39 views

Privilege Escalation to admin from any other users

Description: By default, hestiacp creates an FPM configuration that runs a php-fpm pool as the www-data user on a shared socket. Another php-fpm pool runs as the admin user with a www-data group Unix socket. That allows any user to upload a PHP file into the /tmp directory and then run that script from...

AI score 7.1 · EPSS 0.00285 · Exploits 1
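The two pool definitions the hestiacp entry describes, followed by a tightened version of the second, as an added configuration illustration for this listing. These are not HestiaCP's own files or its fix; pool names, socket paths, the `admin` home directory and the assumption that the web server runs as a dedicated `nginx` user outside the www-data group are all illustrative. The directives themselves are standard php-fpm pool options.

```ini
; Added illustration, not HestiaCP's configuration. In practice each pool
; lives in its own file and only one of the two admin variants would be kept.

; Pool 1 as described: runs as www-data on the shared socket.
[www]
user         = www-data
group        = www-data
listen       = /run/php/www.sock
listen.owner = www-data
listen.group = www-data
listen.mode  = 0660

; Pool 2 as described: runs as admin, but its socket is group www-data.
; Any process running as www-data (including PHP executed by pool 1) can
; connect to this socket and hand the admin pool a SCRIPT_FILENAME of its
; choosing, such as a file it dropped in the world-writable /tmp.
[admin-weak]
user         = admin
group        = admin
listen       = /run/php/admin.sock
listen.owner = admin
listen.group = www-data      ; weak: the lower-privileged pool's group may connect
listen.mode  = 0660

; Tightened admin pool (assumption, not HestiaCP's fix).
[admin-hardened]
user         = admin
group        = admin
listen       = /run/php/admin.sock
; Grant connect rights only to the web server process via a POSIX ACL.
; Note: when listen.acl_users is set, listen.owner and listen.group are ignored.
listen.acl_users = nginx
listen.mode      = 0660
; Even if a request for a planted file reaches this pool, refuse to execute
; anything outside the admin user's own tree; give PHP a private temp dir so
; /tmp need not be in the allowed paths.
php_admin_value[open_basedir]      = /home/admin/web:/home/admin/tmp
php_admin_value[upload_tmp_dir]    = /home/admin/tmp
php_admin_value[session.save_path] = /home/admin/tmp
```

To confirm the weak case on a host you own, `ls -l /run/php/admin.sock` as a www-data user shows whether the group bit grants connect; after the change, a connection attempt from www-data should fail with permission denied, and a request whose SCRIPT_FILENAME points under /tmp should be refused by open_basedir regardless of which client reached the pool.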
CNNVD · added 2023/10/10 12:00 a.m. · 4 views

Fortinet FortiManager Security Vulnerability

Fortinet FortiManager is a centralized network security management platform from Fortinet. The platform supports centralized management of any number of Fortinet devices and the ability to group devices into different administrative domains (ADOMs) to further simplify multi-device security deployme...

CVSS 6.5 · AI score 6.4 · EPSS 0.00872 · Exploits 0 · References 5
CNNVD · added 2023/09/27 12:00 a.m. · 2 views

Usta AYBS Security Breach

Usta AYBS is an application from Usta. A security vulnerability exists in Usta AYBS versions prior to 1.0.3. It stems from a user-controlled key in Usta AYBS that leads to an authorization bypass, allowing authentication misuse and authentication bypass...

CVSS 8.8 · AI score 6.9 · EPSS 0.00949 · Exploits 0 · References 2
Prion · added 2023/09/13 3:15 a.m. · 20 views

Input validation

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

CVSS 5 · AI score 5.6 · EPSS 0.00377 · Exploits 0 · References 2 · Affected Software 1
CVE · added 2023/09/13 2:54 a.m. · 56 views

CVE-2023-4915

CVE-2023-4915 concerns the WP User Control WordPress plugin. The vulnerability stems from using native password-reset functionality with insufficient validation in the WP User Control Widget, allowing unauthorized password resets for versions up to and including 1.5.3. The attacker can initiate a...

CVSS 5.3 · AI score 5.7 · EPSS 0.00377 · Exploits 0 · References 2 · Affected Software 1
Vulnrichment · added 2023/09/13 2:54 a.m. · 6 views

CVE-2023-4915 WP User Control <= 1.5.3 - Insecure Password Reset Mechanism

The WP User Control plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 1.5.3. This is due to the plugin using native password reset functionality, with insufficient validation on the password reset function in the WP User Control Widget. The functi...

CVSS 5.3 · AI score 6.7 · EPSS 0.00377 · Exploits 0 · References 2
Patchstack · added 2023/09/13 12:00 a.m. · 18 views

WordPress WP User Control Plugin <= 1.5.3 is vulnerable to Other Vulnerability Type

Software: WP User Control · Type: Plugin · Vulnerable versions: <= 1.5.3 · Fixed in: N/A · OWASP Top 10: A4: Insecure Design · Classification: Other Vulnerability Type · CVE: CVE-2023-4915 · Patch priority: Low · CVSS severity: Low (5.3) · PSID: 5604d612e4e9 · Credits: Lana Codes · Required privilege...

CVSS 5.3 · AI score 6.8 · EPSS 0.00377 · Exploits 0 · References 2 · Affected Software 1
CNNVD · added 2023/09/13 12:00 a.m. · 5 views

WordPress plugin WP User Control security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...

CVSS 5.3 · AI score 6.8 · EPSS 0.00377 · Exploits 0 · References 4
Positive Technologies · added 2023/09/12 12:00 a.m. · 6 views

PT-2023-31069 · WordPress · Wp User Control

Name of the Vulnerable Software and Affected Versions: WP User Control plugin for WordPress, versions up to, and including, 1.5.3. Description: The issue arises from the plugin's use of native password reset functionality with insufficient validation on the password reset function in the WP User...

CVSS 5.3 · AI score 6 · EPSS 0.00377 · Exploits 0 · References 6
The Hacker News · added 2023/09/11 11:00 a.m. · 25 views

Google Chrome Rolls Out Support for 'Privacy Sandbox' to Bid Farewell to Tracking Cookies

Google has officially begun its rollout of Privacy Sandbox in the Chrome web browser to a majority of its users, nearly four months after it announced the plans. "We believe it is vital to both improve privacy and preserve access to information, whether it's news, a how-to-guide, or a fun video,"...

AI score 6.5 · Exploits 0
Prion · added 2023/08/24 11:15 p.m. · 14 views

Design/Logic Flaw

A user able to control file input to Gerbv, between versions 2.4.0 and 2.10.0, can cause a crash and cause denial-of-service with a specially crafted Gerber RS-274X file...

CVSS 1.9 · AI score 5.6 · EPSS 0.00308 · Exploits 1 · References 3 · Affected Software 1
Veracode · added 2023/08/06 6:28 a.m. · 18 views

Authorization Bypass

GitLab is vulnerable to an authorization bypass. The vulnerability occurs when a user with write access to an issue can remove another user from the issue. This could allow the attacker to take control of the application...

CVSS 4.3 · AI score 6.8 · EPSS 0.00407 · Exploits 0 · References 3 · Affected Software 1
The Hacker News · added 2023/07/10 12:57 p.m. · 36 views

New Mozilla Feature Blocks Risky Add-Ons on Specific Websites to Safeguard User Security

Mozilla has announced that some add-ons may be blocked from running on certain sites as part of a new feature called Quarantined Domains. "We have introduced a new back-end feature to only allow some extensions monitored by Mozilla to run on specific websites for various reasons, including securi...

AI score 8.8 · Exploits 0