Lucene search
+L

357 matches found

Positive Technologies
Positive Technologies
added 2023/05/31 12:0 a.m.3 views

PT-2023-20069 · WordPress · Feather Login Page

Name of the Vulnerable Software and Affected Versions: Feather Login Page plugin for WordPress versions 1.0.7 through 1.1.1 Description: The issue allows authenticated attackers with subscriber-level permissions and above to access login links, potentially leading to privilege escalation, due to ...

8.8CVSS8.8AI score0.00714EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2023/05/26 5:15 p.m.3 views

CVE-2023-2002

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

6.8CVSS6.8AI score0.0147EPSS
Exploits2References6
OSV
OSV
added 2023/05/26 5:15 p.m.15 views

AZL-27078 CVE-2023-2002 affecting package kernel for versions less than 5.15.116.1-2

A vulnerability was found in the HCI sockets implementation due to a missing capability check in net/bluetooth/hcisock.c in the Linux Kernel. This flaw allows an attacker to unauthorized execution of management commands, compromising the confidentiality, integrity, and availability of Bluetooth...

6.8CVSS6.8AI score0.0147EPSS
Exploits2References1
OSV
OSV
added 2023/03/10 8:15 p.m.6 views

CVE-2023-1338

The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to unauthorized cache modification due to a missing capability check on the attachrule function in versions up to, and including, 1.7.1. This makes it possible for authenticated attackers with subscriber-level access to...

4.3CVSS6.6AI score0.00548EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/02/28 1:15 p.m.4 views

CVE-2023-1023

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the saveSitemapSettings function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to change...

5.4CVSS6.6AI score0.00538EPSS
Exploits0References4
OSV
OSV
added 2023/02/28 1:15 p.m.7 views

CVE-2023-1024

The WP Meta SEO plugin for WordPress is vulnerable to unauthorized sitemap generation due to a missing capability check on the regenerateSitemaps function in versions up to, and including, 4.5.3. This makes it possible for authenticated attackers with subscriber-level access to generate sitemaps...

4.3CVSS5.8AI score0.00538EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2023/02/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-0719

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavesortorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

5.4CVSS6.5AI score0.00601EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/07 12:0 a.m.6 views

PT-2023-16469 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax move object function, allowing authenticated attackers with subscriber-level permissions an...

5.4CVSS5.2AI score0.00601EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2022/12/16 2:15 p.m.2 views

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

6.5CVSS6.2AI score0.00665EPSS
Exploits0References3
OSV
OSV
added 2022/12/14 9:15 p.m.7 views

CVE-2022-4501

The Mega Addons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the vcsavingdata function in versions up to, and including, 4.2.7. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to update the plugin'...

6.5CVSS5.8AI score0.00692EPSS
Exploits0References2
VulnCheck KEV
VulnCheck KEV
added 2021/11/28 12:0 a.m.4 views

VulnCheck KEV: CVE-2021-39317

A WordPress plugin and several WordPress themes developed by AccessPress Themes are vulnerable to malicious file uploads via the pluginofflineinstaller AJAX action due to a missing capability check in the pluginofflineinstallercallback function found in the /demo-functions.php file or...

8.8CVSS7.2AI score0.01652EPSS
Exploits2References1
VulnCheck KEV
VulnCheck KEV
added 2021/11/02 12:0 a.m.5 views

VulnCheck KEV: CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...

9.1CVSS7.3AI score0.0393EPSS
Exploits1References1
OSV
OSV
added 2021/11/01 9:15 a.m.4 views

CVE-2021-24742

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check...

6.5CVSS6.6AI score0.0083EPSS
Exploits2References1
BDU FSTEC
BDU FSTEC
added 2020/12/23 12:0 a.m.4 views

The vulnerability in the net/nfc/rawsock.c function of the Linux operating system allows a attacker to compromise the integrity of protected information.

The vulnerability in the net/nfc/rawsock.c function of the Linux operating system is related to the lack of checking for CAPNETRAW when creating a NFC socket. Exploiting this vulnerability can allow an attacker to compromise the integrity of the protected information...

5.5CVSS6.5AI score0.00399EPSS
Exploits0References23Affected Software7
NVD
NVD
added 2017/05/15 2:29 p.m.22 views

CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5.3CVSS5.3AI score0.00977EPSS
Exploits0References1
Cvelist
Cvelist
added 2017/05/15 2:0 p.m.38 views

CVE-2017-7490

In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...

5.8AI score0.00977EPSS
Exploits0References1
OSV
OSV
added 2014/10/13 12:0 a.m.7 views

UBUNTU-CVE-2014-7975

The doumount function in fs/namespace.c in the Linux kernel through 3.17 does not require the CAPSYSADMIN capability for doremountsb calls that change the root filesystem to read-only, which allows local users to cause a denial of service loss of writability by making certain unshare system calls...

5.5CVSS6.7AI score0.00461EPSS
Exploits0References10
Rows per page
Query Builder