
35 matches found

Prion
added 2023/12/09 7:15 a.m. · 19 views

Cross site request forgery (csrf)

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX...

6.8 CVSS · 6.9 AI score · 0.00272 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2023/12/09 6:51 a.m. · 33 views

CVE-2023-5756 Digital Publications by Supsystic <= 1.7.6 - Cross-Site Request Forgery via AJAX action

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX...

5.4 CVSS · 8.7 AI score · 0.00272 EPSS
Exploits 0 · References 3

NVD
added 2023/06/09 6:16 a.m. · 13 views

CVE-2023-2526

The Easy Google Maps plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.11.7. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forg...

5.4 CVSS · 5.1 AI score · 0.00282 EPSS
Exploits 0 · References 4

NVD
added 2023/05/17 12:15 a.m. · 24 views

CVE-2023-2528

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

8.8 CVSS · 6.2 AI score · 0.0032 EPSS
Exploits 0 · References 3

Prion
added 2023/05/17 12:15 a.m. · 12 views

Cross site request forgery (csrf)

The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions vi...

6.8 CVSS · 8.4 AI score · 0.0032 EPSS
Exploits 0 · References 3 · Affected Software 1

OSV
added 2022/12/19 2:15 p.m. · 7 views

CVE-2022-4024

The Registration Forms WordPress plugin before 3.8.1.3 does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts...

6.5 CVSS · 5.9 AI score · 0.00334 EPSS
Exploits 2 · References 1

Positive Technologies
added 2022/12/19 12:0 a.m. · 8 views

PT-2022-25302 · WordPress · Registration Forms

Name of the Vulnerable Software and Affected Versions: Registration Forms WordPress plugin versions prior to 3.8.1.3
Description: The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users vi...

6.5 CVSS · 6.6 AI score · 0.00334 EPSS
Exploits 2 · References 6

CNNVD
added 2022/12/19 12:0 a.m. · 9 views

WordPress plugin Registration Forms Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...

6.5 CVSS · 6.6 AI score · 0.00334 EPSS
Exploits 2 · References 2

WPVulnDB
added 2022/11/28 12:0 a.m. · 21 views

Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion

The plugin does not have authorisation and CSRF when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts PoC Invoke the following curl command to delete the user user id 2 curl https://example.com/wp-admin/admin-ajax.php...

6.5 CVSS · 3.8 AI score · 0.00334 EPSS
Exploits 2 · Affected Software 1

NVD
added 2022/10/25 5:15 p.m. · 17 views

CVE-2022-35879

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...

8.8 CVSS · 0.00792 EPSS
Exploits 1 · References 1

NVD
added 2022/10/25 5:15 p.m. · 16 views

CVE-2022-35878

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...

8.8 CVSS · 0.00792 EPSS
Exploits 1 · References 1

Cvelist
added 2022/10/25 4:34 p.m. · 16 views

CVE-2022-35881

Four format string injection vulnerabilities exist in the UPnP logging functionality of Abode Systems, Inc. iota All-In-One Security Kit 6.9Z and 6.9X. A specially-crafted UPnP negotiation can lead to memory corruption, information disclosure, and denial of service. An attacker can host a malicio...

7.1 CVSS · 9 AI score · 0.00792 EPSS
Exploits 1 · References 1

CNVD
added 2015/08/04 12:0 a.m. · 2 views

Symantec Endpoint Protection Manager Arbitrary File Read Vulnerability

Symantec Endpoint Protection Manager (SEPM) is a suite of enterprise-grade virus protection software from Symantec USA. The software protects against malicious attacks such as viruses, worms, and Trojan horses. SEPM 12.1-RU6-MP1 A security vulnerability exists in the action handler in the managemen...

4 CVSS · 6.9 AI score · 0.01813 EPSS
Exploits 1 · References 1

ATTACKERKB
added 2013/01/31 9:55 p.m. · 1 views

CVE-2013-0230

Stack-based buffer overflow in the ExecuteSoapAction function in the SOAPAction handler in the HTTP service in MiniUPnP MiniUPnPd 1.0 allows remote attackers to execute arbitrary code via a long quoted method...

10 CVSS · 6.4 AI score · 0.69151 EPSS
Exploits 14 · References 8

Cvelist
added 2006/04/20 10:0 a.m. · 15 views

CVE-2006-1889

Cross-site scripting (XSS) vulnerability in the search action handler in index.php in Nils Asmussen (aka SCRIPTSOLUTION) Boardsolution 1.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the "Search for" item keyword parameter...

5.7 AI score · 0.01373 EPSS
Exploits 0 · References 8