Lucene search
K

292 matches found

OSV
OSV
added 2024/08/26 9:15 p.m.7 views

CVE-2024-43336

Cross-Site Request Forgery CSRF vulnerability in WP User Manager.This issue affects WP User Manager: from n/a through 2.9.10...

4.3CVSS5.8AI score0.00174EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/26 8:34 p.m.25 views

CVE-2024-43336 WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP User Manager WP User Manager wp-user-manager.This issue affects WP User Manager: from n/a through = 2.9.10...

4.3CVSS5.1AI score0.00174EPSS
Exploits0References1
CVE
CVE
added 2024/08/26 8:34 p.m.67 views

CVE-2024-43336

WP User Manager plugin for WordPress is affected by a Cross-Site Request Forgery (CSRF) vulnerability, impacting versions up to and including 2.9.10. The issue enables unintended actions on a user’s account via CSRF, per Red Hat and other vulnerability sources. The CVSS score in the initial data ...

4.3CVSS5.9AI score0.00174EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/26 12:0 a.m.5 views

WordPress plugin WP User Manager 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

4.3CVSS6.5AI score0.00174EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/08/26 12:0 a.m.6 views

PT-2024-30502 · WordPress · Wp User Manager

Name of the Vulnerable Software and Affected Versions: WP User Manager versions through 2.9.10 Description: A Cross-Site Request Forgery CSRF issue affects the WP User Manager plugin. This allows an attacker to perform unintended actions on a user's account. Users are urged to check for updates a...

4.3CVSS6.8AI score0.00174EPSS
Exploits0References6
Patchstack
Patchstack
added 2024/08/16 1:37 p.m.6 views

WordPress WP User Manager – User Profile Builder & Membership plugin <= 2.9.10 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin WP User Manager versions = 2.9.10...

4.3CVSS7AI score0.00174EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/16 12:0 a.m.17 views

WordPress WP User Manager Plugin <= 2.9.10 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP User Manager Type Plugin Vulnerable versions = 2.9.10 Fixed in 2.9.11 OWASP Top 10 A4: Insecure Design Classification Cross Site Request Forgery CSRF CVE CVE-2024-43336 Patch priority Low CVSS severity Low 4.3 Developer WP User Manager PSID 6918353ae071 Credits Ananda Dhakal Patchstac...

4.3CVSS6.7AI score0.00174EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2024/05/07 9:15 p.m.5 views

CVE-2024-0024

In multiple methods of UserManagerService.java, there is a possible failure to persist or enforce user restrictions due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

7.8CVSS5.9AI score0.00111EPSS
Exploits0References2
OSV
OSV
added 2024/03/11 5:15 p.m.6 views

CVE-2024-0047

In writeUserLP of UserManagerService.java, device policies are serialized with an incorrect tag due to a logic error in the code. This could lead to local denial of service when policies are deserialized on reboot with no additional execution privileges needed. User interaction is not needed for...

5.5CVSS5.9AI score0.00147EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/11 12:0 a.m.19 views

PT-2024-15320 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code of UserManagerService.java causes device policies to be serialized with an incorrect tag. This can lead to a local denial of service when policies are deserialized...

5.5CVSS6.8AI score0.00147EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2023/12/25 12:0 a.m.5 views

PT-2023-13355 · Unknown · Rws Worldserver

Name of the Vulnerable Software and Affected Versions: RWS WorldServer versions prior to 11.7.3 Description: An issue was discovered that allows regular users to create users with the Administrator role via UserWSUserManager. This enables unauthorized elevation of privileges. Recommendations: For...

9.8CVSS7.1AI score0.00887EPSS
Exploits1References4
Veracode
Veracode
added 2023/10/09 2:24 p.m.22 views

Privilege Escalation

mattermost is vulnerable to Privilege Escalation. Mattermost fails to properly verify the bot permissions, allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS6.8AI score0.00366EPSS
Exploits0References3Affected Software1
Github Security Blog
Github Security Blog
added 2023/09/29 12:30 p.m.21 views

Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...

4.3CVSS6.8AI score0.00335EPSS
Exploits0References3Affected Software2
Github Security Blog
Github Security Blog
added 2023/09/29 12:30 p.m.22 views

Mattermost Incorrect Authorization vulnerability

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS6.8AI score0.00366EPSS
Exploits0References3Affected Software2
NVD
NVD
added 2023/09/29 10:15 a.m.15 views

CVE-2023-5194

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...

4.3CVSS4.3AI score0.00335EPSS
Exploits0References1
Prion
Prion
added 2023/09/29 10:15 a.m.15 views

Design/Logic Flaw

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.3CVSS3.9AI score0.00366EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/09/29 9:28 a.m.11 views

CVE-2023-5194 A system/user manager can demote / deactivate another manager

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...

2.7CVSS6.8AI score0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/29 9:28 a.m.12 views

CVE-2023-5194 A system/user manager can demote / deactivate another manager

Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager...

2.7CVSS4.9AI score0.00335EPSS
Exploits0References1
Cvelist
Cvelist
added 2023/09/29 9:21 a.m.25 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS4.5AI score0.00366EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/09/29 9:21 a.m.12 views

CVE-2023-5159 A User Manager role with user edit permissions could manage/update bots

Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots...

3.8CVSS6.7AI score0.00366EPSS
Exploits0References1
Rows per page
Query Builder