Lucene search
K

6 matches found

OSV
OSV
added 2023/02/08 2:15 a.m.6 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

4.3CVSS6.3AI score0.00308EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxaddfolder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS5.8AI score0.00308EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2023/02/08 12:0 a.m.4 views

VulnCheck KEV: CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References1
CNNVD
CNNVD
added 2023/02/08 12:0 a.m.7 views

WordPress plugin Wicked Folders 跨站请求伪造漏洞

WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. ghost is a plugin for importing/exporting WordPress data. relevant is a relevant content...

5.4CVSS6.1AI score0.00308EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/07 10:15 p.m.1 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/02/07 10:15 p.m.4 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3
Rows per page
Query Builder