121 matches found
CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1909 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...
CVE-2024-1909
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...
CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...
CVE-2024-1912
The CVE-2024-1912 entry concerns the Categorify WordPress plugin (versions up to and including 1.0.7.4). The underlying issue is missing or incorrect nonce validation in the categorifyAjaxUpdateFolderPosition function, enabling CSRF: unauthenticated attackers could forge requests to alter categor...
CVE-2024-1909
The Categorify WordPress plugin (Categories/Media Library) is affected by a CSRF vulnerability (CVE-2024-1909) due to missing nonce validation in the categorifyAjaxRenameCategory path. Affected versions are up to 1.0.7.4. The issue allows unauthenticated attackers to rename categories by triggeri...
CVE-2024-1907 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...
CVE-2024-1653
The CVE-2024-1653 vulnerability affects the Categorify WordPress plugin and hinges on a missing authorization check in categorifyAjaxUpdateFolderPosition. It affects all versions up to 1.0.7.4, enabling an authenticated attacker with subscriber-level access or higher to modify folder positions an...
CVE-2024-1907
CVE-2024-1907 relates to the WordPress Categorify plugin. The connected documents confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the categorifyAjaxDeleteCategory function, affecting all versions up to and including 1.0.7.4. This allows unauthenticated attackers to...
CVE-2024-1907 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory
The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...
CVE-2024-1653 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
CVE-2024-1653
The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...
PT-2024-18201 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to a missing capability check on the categorifyAjaxUpdateFolderPosition function, allowing authenticated attackers with subscriber-level...
PT-2024-18417 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function, making it possible for unauthenticated attackers...
PT-2024-18415 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This allows...
PT-2024-18413 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This allows...
PT-2024-18198 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory...
PT-2024-18416 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This allows...
WordPress Plugin Categorify Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-18200 · WordPress · Categorify
Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function. This makes it possible for...