121 matches found

Vulnrichment
added 2024/02/27 11:5 a.m. · 11 views

CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

CVSS 4.3 · AI score 6.6 · EPSS 0.00202
Exploits 0 · References 2

Cvelist
added 2024/02/27 11:5 a.m. · 34 views

CVE-2024-1909 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxRenameCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

CVSS 4.3 · AI score 4.5 · EPSS 0.00202
Exploits 0 · References 2

Vulnrichment
added 2024/02/27 11:5 a.m. · 11 views

CVE-2024-1909

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

CVSS 4.3 · AI score 6.4 · EPSS 0.00202
Exploits 0 · References 2

Cvelist
added 2024/02/27 11:5 a.m. · 20 views

CVE-2024-1912 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

CVSS 4.3 · AI score 4.6 · EPSS 0.00202
Exploits 0 · References 2

CVE
added 2024/02/27 11:5 a.m. · 142 views

CVE-2024-1912

The CVE-2024-1912 entry concerns the Categorify WordPress plugin (versions up to and including 1.0.7.4). The underlying issue is missing or incorrect nonce validation in the categorifyAjaxUpdateFolderPosition function, enabling CSRF: unauthenticated attackers could forge requests to alter categor...

CVSS 4.3 · AI score 5.2 · EPSS 0.00202
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/02/27 11:5 a.m. · 127 views

CVE-2024-1909

The Categorify WordPress plugin (Categories/Media Library) is affected by a CSRF vulnerability (CVE-2024-1909) due to missing nonce validation in the categorifyAjaxRenameCategory path. Affected versions are up to 1.0.7.4. The issue allows unauthenticated attackers to rename categories by triggeri...

CVSS 4.3 · AI score 4.5 · EPSS 0.00202
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2024/02/27 11:5 a.m. · 14 views

CVE-2024-1907 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

CVSS 4.3 · AI score 6.6 · EPSS 0.00202
Exploits 0 · References 2

CVE
added 2024/02/27 11:5 a.m. · 137 views

CVE-2024-1653

The CVE-2024-1653 vulnerability affects the Categorify WordPress plugin and hinges on a missing authorization check in categorifyAjaxUpdateFolderPosition. It affects all versions up to 1.0.7.4, enabling an authenticated attacker with subscriber-level access or higher to modify folder positions an...

CVSS 4.3 · AI score 5.2 · EPSS 0.0034
Exploits 0 · References 2 · Affected Software 1

CVE
added 2024/02/27 11:5 a.m. · 143 views

CVE-2024-1907

CVE-2024-1907 relates to the WordPress Categorify plugin. The connected documents confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the categorifyAjaxDeleteCategory function, affecting all versions up to and including 1.0.7.4. This allows unauthenticated attackers to...

CVSS 4.3 · AI score 5.2 · EPSS 0.00202
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2024/02/27 11:5 a.m. · 30 views

CVE-2024-1907 Categorify <= 1.0.7.4 - Cross-Site Request Forgery via categorifyAjaxDeleteCategory

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categori...

CVSS 4.3 · AI score 4.5 · EPSS 0.00202
Exploits 0 · References 2

Cvelist
added 2024/02/27 11:5 a.m. · 28 views

CVE-2024-1653 Categorify <= 1.0.7.4 - Missing Authorization in categorifyAjaxUpdateFolderPosition

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 4.6 · EPSS 0.0034
Exploits 0 · References 2

Vulnrichment
added 2024/02/27 11:5 a.m. · 11 views

CVE-2024-1653

The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxUpdateFolderPosition in all versions up to, and including, 1.0.7.4. This makes it possible for authenticated attackers, with subscriber-level access and...

CVSS 4.3 · AI score 6.5 · EPSS 0.0034
Exploits 0 · References 2

Positive Technologies
added 2024/02/27 12:0 a.m. · 5 views

PT-2024-18201 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to a missing capability check on the categorifyAjaxUpdateFolderPosition function, allowing authenticated attackers with subscriber-level...

CVSS 4.3 · AI score 9.2 · EPSS 0.0034
Exploits 0 · References 7

Positive Technologies
added 2024/02/27 12:0 a.m. · 5 views

PT-2024-18417 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function, making it possible for unauthenticated attackers...

CVSS 4.3 · AI score 9.3 · EPSS 0.00202
Exploits 0 · References 6

Positive Technologies
added 2024/02/27 12:0 a.m. · 6 views

PT-2024-18415 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This allows...

CVSS 4.3 · AI score 9.3 · EPSS 0.00202
Exploits 0 · References 6

Positive Technologies
added 2024/02/27 12:0 a.m. · 7 views

PT-2024-18413 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This allows...

CVSS 4.3 · AI score 9.3 · EPSS 0.00202
Exploits 0 · References 6

Positive Technologies
added 2024/02/27 12:0 a.m. · 4 views

PT-2024-18198 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The Categorify plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the categorifyAjaxRenameCategory...

CVSS 4.3 · AI score 9.3 · EPSS 0.0034
Exploits 0 · References 7

Positive Technologies
added 2024/02/27 12:0 a.m. · 6 views

PT-2024-18416 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This allows...

CVSS 4.3 · AI score 9.3 · EPSS 0.00202
Exploits 0 · References 6

CNNVD
added 2024/02/27 12:0 a.m. · 6 views

WordPress Plugin Categorify Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 6.6 · EPSS 0.0034
Exploits 0 · References 3

Positive Technologies
added 2024/02/27 12:0 a.m. · 4 views

PT-2024-18200 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4 Description: The issue allows unauthorized modification of data due to a missing capability check on the categorifyAjaxClearCategory function. This makes it possible for...

CVSS 4.3 · AI score 9.3 · EPSS 0.0034
Exploits 0 · References 7