3 matches found
CVE-2022-0775
The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comment...
wpDiscuz < 7.3.4 - Arbitrary Comment Addition/Edition/Deletion via CSRF
The plugin does not check for CSRF when adding, editing and deleting comments, which could allow an attacker to make logged-in users such as an admin edit and delete arbitrary comments, or the user who made the comment edit it, via a CSRF attack. Attackers could also make logged-in users post arbitrary...
Multivendor Marketplace Solution for WooCommerce < 3.7.4 - Unauthenticated Arbitrary Product Comment
The plugin did not properly check for CSRF when saving a product comment, and took the user ID to link the comment to from user input. As a result, attackers can post arbitrary comments, including as another user, by manipulating the currentuserid parameter. PoC POST / HTTP/1.1 Accept:...