Lucene search
K

6 matches found

Prion
Prion
added 2023/04/17 1:15 p.m.16 views

Cross site request forgery (csrf)

Themeflection Numbers WordPress plugin before 2.0.1 does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, suc...

4CVSS6.4AI score0.00301EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2023/04/17 12:17 p.m.53 views

CVE-2023-0889

CVE-2023-0889 affects Themeflection Numbers WordPress plugin pre-2.0.1. The vulnerability arises from missing authorization and CSRF checks in an AJAX action and failure to verify that updated options belong to the plugin, enabling any authenticated user (e.g., Subscriber) to update arbitrary blo...

6.5CVSS6.7AI score0.00301EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/03/27 12:0 a.m.13 views

TF Random Numbers < 2.0.1 - Subscriber+ Arbitrary Option Update

The plugin does not have authorisation and CSRF check in an AJAX action, and does not ensure that the options to be updated belong to the plugin. As a result, it could allow any authenticated users, such as subscriber, to update arbitrary blog options, such as enabling registration and set the...

6.5CVSS6.8AI score0.00301EPSS
Exploits2Affected Software1
CNNVD
CNNVD
added 2022/05/30 12:0 a.m.9 views

WordPress plugin Content Mask 安全漏洞

WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plug-in. A security vulnerability exists in versions of WordPress Content Mask plugin prior to 1.8.4.1. The vulnerability...

4.3CVSS5.8AI score0.01052EPSS
Exploits3References3
ATTACKERKB
ATTACKERKB
added 2022/01/10 12:0 a.m.136 views

CVE-2021-25032

The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin’s settings via the init hook, and does not ensure that the options to be updated belong to the plugin. As a...

9.8CVSS9.5AI score0.06745EPSS
In wildExploits2References3
WPVulnDB
WPVulnDB
added 2021/10/05 12:0 a.m.12 views

JobSearch WP Job Board < 1.8.2 - Subscriber+ Arbitrary Blog Options Update

The jobsearchjobintegrationssettinsave AJAX action of the plugin, available to any authenticated user, does not have authorisation and CSRF in place, allowing any authenticated user, such as subscriber to call it and modify arbitrary blog options...

2.7AI score
Exploits0References1Affected Software1
Rows per page
Query Builder