Lucene search
K

7 matches found

Positive Technologies
Positive Technologies
added 2025/12/03 12:0 a.m.10 views

PT-2025-48809

Name of the Vulnerable Software and Affected Versions WP Directory Kit versions prior to 1.4.5 Description The WP Directory Kit plugin for WordPress has a flaw in its authentication process. Specifically, versions up to and including 1.4.4 are susceptible to authentication bypass due to a weak...

10CVSS6.7AI score0.0472EPSS
Exploits3References15
RedhatCVE
RedhatCVE
added 2025/05/23 3:31 a.m.9 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

8CVSS6.3AI score0.00399EPSS
Exploits0References1
OSV
OSV
added 2023/05/20 3:15 a.m.5 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

8CVSS5.7AI score0.00399EPSS
Exploits0References4
OSV
OSV
added 2023/05/20 3:15 a.m.6 views

CVE-2023-2715

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3CVSS6.6AI score0.00561EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/05/20 2:3 a.m.9 views

CVE-2023-2736 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

7.5CVSS7.1AI score0.00399EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/05/20 2:3 a.m.21 views

CVE-2023-2715 Groundhogg <= 2.7.9.8 - Missing Authorization to Admin Account and Ticket Creation

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'submitticket' function in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers to create a support ticket that sends the website's...

4.3CVSS4.7AI score0.00561EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.6 views

PT-2023-21078 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...

8CVSS7.9AI score0.00399EPSS
Exploits0References8
Rows per page
Query Builder