Lucene search
+L

4 matches found

nvd
nvd
added 2023/11/20 3:15 p.m.17 views

CVE-2023-6196

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...

8.8CVSS0.00337EPSS
Exploits0References2
cve
cve
added 2023/11/20 2:34 p.m.67 views

CVE-2023-6196

CVE-2023-6196 (Audio Merchant, WordPress) : The vulnerability is a Cross-Site Request Forgery in all versions up to 5.0.4 caused by missing or incorrect nonce validation in audio_merchant_add_audio_file. This permits unauthenticated attackers to upload arbitrary files by tricking an administrator...

8.8CVSS8.3AI score0.00337EPSS
Exploits0References2Affected Software1
cvelist
cvelist
added 2023/11/20 2:34 p.m.23 views

CVE-2023-6196 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload

The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...

8.8CVSS8.6AI score0.00337EPSS
Exploits0References2
patchstack
patchstack
added 2023/11/20 12:0 a.m.15 views

WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6196 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 8d1ec07de68f Credits Ala Arfaoui Required...

8.8CVSS6.6AI score0.00337EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder