64 matches found

CNNVD
added 2026/03/16 12:0 a.m. | 9 views

WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CVSS 4.3 | AI score 5.8 | EPSS 0.00233
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-11831

Malware in sbrugna...

CVSS 8.8 | AI score 8.7 | EPSS 0.01517
Exploits: 2 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-12741

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6 | EPSS 0.00576
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 5 views

EUVD-2023-12751

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6 | EPSS 0.00322
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-12758

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6 | EPSS 0.00322
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-12757

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00297
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-12743

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6 | EPSS 0.00576
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 7 views

EUVD-2023-12755

Malicious code in bioql PyPI...

CVSS 5.4 | AI score 6.1 | EPSS 0.00322
Exploits: 0 | References: 3
RedhatCVE
added 2025/05/23 5:42 a.m. | 3 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 5.4 | AI score 4.3 | EPSS 0.00322
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:41 a.m. | 7 views

CVE-2023-0723

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forg...

CVSS 5.4 | AI score 6.5 | EPSS 0.00322
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/23 5:41 a.m. | 7 views

CVE-2023-0684

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

CVSS 5.4 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 1
RedhatCVE
added 2025/05/22 7:24 p.m. | 4 views

CVE-2021-24919

The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection...

CVSS 8.8 | AI score 7.3 | EPSS 0.01517
Exploits: 2 | References: 1
ATTACKERKB
added 2023/06/09 6:15 a.m. | 2 views

CVE-2023-0729

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 5.4 | AI score 5.8 | EPSS 0.00297
Exploits: 0 | References: 4
Prion
added 2023/06/09 6:15 a.m. | 11 views

Cross site request forgery (csrf)

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 4.3 | AI score 4.4 | EPSS 0.00297
Exploits: 0 | References: 3 | Affected Software: 1
Vulnrichment
added 2023/06/09 5:33 a.m. | 8 views

CVE-2023-0729 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 5.4 | AI score 6.5 | EPSS 0.00297
Exploits: 0 | References: 3
BDU FSTEC
added 2023/02/15 12:0 a.m. | 5 views

The vulnerability of the ajax_save_state() function in the Wicked Folders plugin of the WordPress content management system allows a hacker to perform a CSRF attack.

The vulnerability of the ajax_save_state function in the Wicked Folders plugin of the WordPress content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote location...

CVSS 6.4 | AI score 6.3 | EPSS 0.00308
Exploits: 0 | References: 5 | Affected Software: 1
ATTACKERKB
added 2023/02/08 2:15 a.m. | 3 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

CVSS 5.4 | AI score 5.9 | EPSS 0.00576
Exploits: 0 | References: 4
NVD
added 2023/02/08 2:15 a.m. | 34 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forge...

CVSS 5.4 | AI score 5.2 | EPSS 0.00308
Exploits: 0 | References: 4
OSV
added 2023/02/08 2:15 a.m. | 7 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

CVSS 4.3 | AI score 6.5 | EPSS 0.00576
Exploits: 0 | References: 3
OSV
added 2023/02/08 2:15 a.m. | 6 views

CVE-2023-0725

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via...

CVSS 4.3 | AI score 6.3 | EPSS 0.00308
Exploits: 0 | References: 3