Lucene search
K

4 matches found

Cvelist
Cvelist
added 2022/08/22 3:2 p.m.24 views

CVE-2022-2377 Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The Directorist WordPress plugin before 7.3.0 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog...

5AI score0.00308EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/07/26 12:0 a.m.26 views

Directorist < 7.3.0 - Subscriber+ Arbitrary E-mail Sending

The plugin does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated users to send arbitrary emails on behalf of the blog PoC fetch"/wp-admin/admin-ajax.php", "headers": "content-type": "application/x-www-form-urlencoded", , "method": "POST", "body":...

4.3CVSS3.8AI score0.00308EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.21 views

WordPress Like Button Rating LikeBtn plugin <= 2.6.44 - Arbitrary e-mail Sending vulnerability

Arbitrary e-mail Sending vulnerability discovered by Krzysztof Zając in WordPress Like Button Rating LikeBtn plugin versions = 2.6.44. Solution Update the WordPress Like Button Rating LikeBtn plugin to the latest available version at least 2.6.45...

6.5CVSS3.3AI score0.0077EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/05/23 12:0 a.m.118 views

Like Button Rating < 2.6.45 - Arbitrary e-mail Sending

The plugin allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body As a subscriber, run the below command in the web developer console of the browser fetch"/wp-admin/admin-ajax.php?action=likebtntestvotenotification", "headers":...

6.5CVSS0.4AI score0.0077EPSS
Exploits2
Rows per page
Query Builder