64 matches found
WordPress plugin Wicked Folders – Folder Organizer for Pages, Posts, and Custom Post Types 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
EUVD-2021-11831
Malware in sbrugna...
EUVD-2023-12741
Malicious code in bioql PyPI...
EUVD-2023-12751
Malicious code in bioql PyPI...
EUVD-2023-12758
Malicious code in bioql PyPI...
EUVD-2023-12757
Malicious code in bioql PyPI...
EUVD-2023-12743
Malicious code in bioql PyPI...
EUVD-2023-12755
Malicious code in bioql PyPI...
CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0723
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxmoveobject function. This makes it possible for unauthenticated attackers to invoke this function via forg...
CVE-2023-0684
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2021-24919
The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folderid parameter before using it in a SQL statement in the wickedfolderssavesortorder AJAX action, available to any authenticated user. leading to an SQL injection...
CVE-2023-0729
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavesortorder function. This makes it possible for unauthenticated attackers to invoke this function via...
Cross site request forgery (csrf)
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavesortorder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0729 Wicked Folders <= 2.18.16 - Cross-Site Request Forgery via ajax_save_sort_order
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavesortorder function. This makes it possible for unauthenticated attackers to invoke this function via...
The vulnerability of the ajax_save_state() function in the Wicked Folders plugin of the WordPress content management system allows a hacker to perform a CSRF attack.
The vulnerability of the ajaxsavestate function in the Wicked Folders plugin of the WordPress content management system is related to the manipulation of cross-site requests. Exploiting this vulnerability could allow a malicious actor to execute a CSRF attack from a remote location...
CVE-2023-0717
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...
CVE-2023-0722
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxsavestate function. This makes it possible for unauthenticated attackers to invoke this function via forge...
CVE-2023-0716
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
CVE-2023-0725
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxclonefolder function. This makes it possible for unauthenticated attackers to invoke this function via...