Lucene search
K

7 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-11755

Malware in sbrugna...

6.5CVSS6.5AI score0.00531EPSS
Exploits2References2
Cvelist
Cvelist
added 2022/02/07 3:47 p.m.38 views

CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion

The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well...

7.8AI score0.0124EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/01/05 12:0 a.m.14 views

SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF

The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. PoC...

6.5CVSS5.2AI score0.00531EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/01/05 12:0 a.m.20 views

WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Ticket Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions = 2.2.6. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.7...

6.5CVSS4.1AI score0.00531EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2022/01/05 12:0 a.m.25 views

WordPress SupportCandy plugin <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion vulnerability

Unauthenticated Arbitrary Ticket Deletion vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions = 2.2.4. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.5...

7.5CVSS3.4AI score0.0124EPSS
Exploits2References3Affected Software1
wpexploit
wpexploit
added 2022/01/05 12:0 a.m.86 views

SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF

The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...

6.5CVSS1.7AI score0.00531EPSS
Exploits2
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2009/11/19 12:0 a.m.39 views

JVN#87341298 Redmine vulnerable to cross-site request forgery

Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...

6.8CVSS6.2AI score0.00719EPSS
Exploits0
Rows per page
Query Builder