Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:12 a.m.12 views

CVE-2023-3105

The LearnDash LMS plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 4.6.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for...

8.8CVSS6.7AI score0.02233EPSS
Exploits2References1
OSV
OSV
added 2024/10/22 6:32 p.m.12 views

GHSA-6C4V-X9V2-RJM8 Liferay Portal and Liferay DXP Vulnerable to Cross-Site Request Forgery (CSRF) via the My Account Widget

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

8.8CVSS7.6AI score0.00342EPSS
Exploits0References3
NVD
NVD
added 2024/10/22 3:15 p.m.76 views

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

8.8CVSS0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/22 2:50 p.m.45 views

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

8.8CVSS0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/22 2:50 p.m.12 views

CVE-2024-26272

Cross-site request forgery CSRF vulnerability in the content page editor in Liferay Portal 7.3.2 through 7.4.3.107, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 GA through update 92 and 7.3 GA through update 35 allows remote attackers to 1 change user passwords, 2...

8.8CVSS8AI score0.00342EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/22 2:6 p.m.16 views

CVE-2024-26271

Cross-site request forgery CSRF vulnerability in the My Account widget in Liferay Portal 7.4.3.75 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.2, 2023.Q3.1 through 2023.Q3.5, 7.4 update 75 through update 92 and 7.3 update 32 through update 36 allows remote attackers to 1 change us...

8.8CVSS7.8AI score0.00342EPSS
Exploits0References1
Cvelist
Cvelist
added 2013/01/24 1:0 a.m.23 views

CVE-2012-6508

Multiple cross-site request forgery CSRF vulnerabilities in NetArt Media Car Portal 3.0 allow remote attackers to hijack the authentication of administrators for requests that 1 change arbitrary user passwords via a nouveau action in the security module to cars/ADMIN/index.php; 2 create a user or...

7.2AI score0.01086EPSS
Exploits1References3
Rows per page
Query Builder