6 matches found
CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0717
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...
VulnCheck KEV: CVE-2023-0717
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxdeletefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...
PT-2023-16473 · WordPress · Wicked Folders
Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax delete folder function, allowing authenticated attackers with subscriber-level permissions...
CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...
CVE-2023-0727
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajaxdeletefolder function. This makes it possible for unauthenticated attackers to invoke this function via...