Lucene search
K

121 matches found

Cvelist
Cvelist
added 2025/09/09 4:25 p.m.11 views

CVE-2025-59005 WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in frenify Categorify categorify allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Categorify: from n/a through = 1.0.7.5...

4.3CVSS0.00175EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/09 12:0 a.m.2 views

WordPress plugin Categorify 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS6.5AI score0.00175EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/09/09 12:0 a.m.6 views

PT-2025-36814

Name of the Vulnerable Software and Affected Versions: frenify Categorify versions n/a through 1.0.7.5 Description: A missing authorization issue exists in frenify Categorify, allowing exploitation due to incorrectly configured access control security levels. Recommendations: Update frenify...

4.3CVSS6.3AI score0.00175EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/09/08 3:7 p.m.6 views

WordPress Categorify plugin <= 1.0.7.5 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Categorify versions = 1.0.7.5...

4.3CVSS6.8AI score0.00175EPSS
Exploits0Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.10 views

CVE-2024-1910

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

4.3CVSS6.4AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:41 a.m.8 views

CVE-2024-1912

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS6.5AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.8 views

CVE-2024-1907

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

4.3CVSS6.4AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:40 a.m.22 views

CVE-2024-1652

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.4AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:39 a.m.14 views

CVE-2024-1649

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxDeleteCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.4AI score0.0034EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:23 a.m.6 views

CVE-2024-1909

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

4.3CVSS4.3AI score0.00202EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:21 a.m.18 views

CVE-2024-1906

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

4.3CVSS6.4AI score0.00204EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.15 views

WordPress Categorify Plugin <= 1.0.7.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Categorify Type Plugin Vulnerable versions = 1.0.7.4 Fixed in 1.0.7.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1906 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3807b96abd23 Credits Francesco Carlucci...

4.3CVSS6.6AI score0.00204EPSS
Exploits0References7Affected Software1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.12 views

WordPress Categorify Plugin <= 1.0.7.4 is vulnerable to Broken Access Control

Software Categorify Type Plugin Vulnerable versions = 1.0.7.4 Fixed in 1.0.7.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1649 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ae42a7532dc2 Credits Francesco Carlucci Required...

4.3CVSS6.5AI score0.0034EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2024/03/13 4:15 p.m.4 views

CVE-2024-0385

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS5.8AI score0.00578EPSS
Exploits0References2
NVD
NVD
added 2024/03/13 4:15 p.m.26 views

CVE-2024-0385

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.3AI score0.00578EPSS
Exploits0References2
Prion
Prion
added 2024/03/13 4:15 p.m.23 views

Design/Logic Flaw

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4CVSS6.7AI score0.00578EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/03/13 3:26 p.m.33 views

CVE-2024-0385 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS4.6AI score0.00578EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/03/13 3:26 p.m.10 views

CVE-2024-0385 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxAddCategory

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxAddCategory function in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

4.3CVSS6.6AI score0.00578EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 3:26 p.m.75 views

CVE-2024-0385

CVE-2024-0385 affects the Categorify WordPress plugin (versions up to and including 1.0.7.4). The vulnerability arises from a missing capability/authorization check within the categorifyAjaxAddCategory function, enabling authenticated users with subscriber-level access and above to modify data (a...

4.3CVSS5.2AI score0.00578EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

WordPress Plugin Categorify Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.6AI score0.00578EPSS
Exploits0References3
Rows per page
Query Builder