Lucene search
K

643 matches found

CNNVD
CNNVD
added 2023/06/09 12:0 a.m.6 views

WordPress Plugin Elementor Addons, Widgets and Enhancements – Stax 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Elementor Addons,...

4.3CVSS6.5AI score0.00595EPSS
Exploits1References3
CNNVD
CNNVD
added 2023/06/07 12:0 a.m.8 views

WordPress Plugin WordPress Automatic 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

9.8CVSS8.3AI score0.16408EPSS
Exploits3References3
OSV
OSV
added 2023/02/20 5:15 p.m.3 views

UBUNTU-CVE-2022-48318

No authorisation controls in the RestAPI documentation for Tribe29's Checkmk = 2.1.0p13 and Checkmk = 2.0.0p29 which may lead to unintended information disclosure through automatically generated user specific tags within Rest API documentation...

5.3CVSS5.8AI score0.00486EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2023/02/15 4:27 a.m.6 views

SUSE CVE-2018-10925

It was discovered that PostgreSQL versions before 10.5, 9.6.10, 9.5.14, 9.4.19, and 9.3.24 failed to properly check authorization on certain statements involved with "INSERT ... ON CONFLICT DO UPDATE". An attacker with "CREATE TABLE" privileges could exploit this to read arbitrary bytes server...

7.1CVSS6.9AI score0.02241EPSS
Exploits0References8
OSV
OSV
added 2023/01/30 9:15 p.m.6 views

CVE-2022-4872

The Chained Products WordPress plugin before 2.12.0 does not have authorisation and CSRF checks, as well as does not ensure that the option to be updated belong to the plugin, allowing unauthenticated attackers to set arbitrary options to 'no'...

4.3CVSS5.8AI score0.00281EPSS
Exploits2References1
OSV
OSV
added 2022/12/19 2:15 p.m.5 views

CVE-2022-4124

The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...

4.3CVSS5.8AI score0.00274EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2022/12/19 12:0 a.m.8 views

PT-2022-25302 · WordPress · Registration Forms

Name of the Vulnerable Software and Affected Versions: Registration Forms WordPress plugin versions prior to 3.8.1.3 Description: The issue allows unauthenticated attackers to delete arbitrary users, along with their posts, due to a lack of authorisation and CSRF protection when deleting users vi...

6.5CVSS6.6AI score0.00334EPSS
Exploits2References6
OSV
OSV
added 2022/11/14 3:15 p.m.4 views

CVE-2022-3538

The Webmaster Tools Verification WordPress plugin through 1.2 does not have authorisation and CSRF checks when disabling plugins, allowing unauthenticated users to disable arbitrary plugins...

6.5CVSS5.9AI score0.00349EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/11/07 12:0 a.m.7 views

WordPress plugin Role Based Pricing for WooCommerce 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A code issue vulnerability exists in the...

8.8CVSS8.1AI score0.00498EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/10/10 9:15 p.m.4 views

CVE-2022-2350

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...

5.3CVSS5.9AI score0.00408EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2022/10/10 12:0 a.m.7 views

PT-2022-16032 · WordPress · Disable User Login

Name of the Vulnerable Software and Affected Versions: Disable User Login WordPress plugin versions 1.0.0 through 1.0.1 Description: The issue concerns a lack of authorization and CSRF checks when updating settings in the Disable User Login WordPress plugin. This allows unauthenticated attackers ...

5.3CVSS5.3AI score0.00408EPSS
Exploits1References4
OSV
OSV
added 2022/09/26 1:15 p.m.5 views

CVE-2022-3024

The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscribers to call it and add/delete/edit Bonds. Furthermore, due to the lack of sanitisation and escaping, it could also lead to Stored...

5.4CVSS5.8AI score0.00231EPSS
Exploits2References1
CNNVD
CNNVD
added 2022/09/14 12:0 a.m.5 views

KDiskMark 安全漏洞

KDiskMark is an HDD and SSD benchmarking tool by Dmitry Sidorov, a personal developer. It has a very user-friendly graphical user interface. A security vulnerability exists in KDiskMark versions prior to 3.1.0, which stems from a missing authorization check for D-Bus methods such as...

7.8CVSS7.3AI score0.00355EPSS
Exploits1References7
OSV
OSV
added 2022/09/05 6:15 p.m.4 views

CVE-2022-38367

The Netic User Export add-on before 2.0.6 for Atlassian Jira does not perform authorization checks. This might allow an unauthenticated user to export all users from Jira by making an HTTP request to the affected endpoint...

5.3CVSS5.8AI score0.00423EPSS
Exploits0References2
OSV
OSV
added 2022/08/22 3:15 p.m.6 views

CVE-2022-2276

The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...

4.3CVSS5.9AI score0.00336EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/08/15 11:21 a.m.3 views

CVE-2022-2180

The GREYD.SUITE WordPress theme does not properly validate uploaded custom font packages, and does not perform any authorization or csrf checks, allowing an unauthenticated attacker to upload arbitrary files including php source files, leading to possible remote code execution RCE...

9.8CVSS6.5AI score0.01896EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/27 9:15 a.m.3 views

CVE-2022-1572

The HTML2WP WordPress plugin through 1.0.0 does not have authorisation and CSRF checks in an AJAX action, available to any authenticated users such as subscriber, which could allow them to delete arbitrary file...

8.1CVSS7.4AI score0.00532EPSS
Exploits2References2
ATTACKERKB
ATTACKERKB
added 2022/06/27 9:15 a.m.4 views

CVE-2022-0444

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...

4.3CVSS5.5AI score0.00283EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/06/27 12:0 a.m.3 views

PT-2022-13973 · WordPress · Html2Wp

Name of the Vulnerable Software and Affected Versions: HTML2WP WordPress plugin versions prior to 1.1 Description: The issue concerns a lack of authorization and CSRF checks when importing files, along with a failure to validate these files. As a result, unauthenticated attackers can upload...

9.8CVSS9.8AI score0.11866EPSS
Exploits2References3
Positive Technologies
Positive Technologies
added 2022/06/13 12:0 a.m.6 views

PT-2022-13501 · WordPress · Member Hero

Name of the Vulnerable Software and Affected Versions: Member Hero WordPress plugin versions 1.0.0 through 1.0.9 Description: The issue lacks authorization checks and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with n...

9.8CVSS9.5AI score0.09105EPSS
Exploits2References6
Rows per page
Query Builder