10517 matches found

NVD
added 2024/03/16 6:15 a.m., 10 views

CVE-2024-1733

The Word Replacer Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the wordreplacerultra function in all versions up to, and including, 1.0. This makes it possible for unauthenticated attackers to update arbitrary content on the...

CVSS 5.3, AI score 5.2, EPSS 0.00441
Exploits 0, References 2
CNNVD
added 2024/03/16 12:0 a.m., 3 views

WordPress Plugin Word Replacer Pro Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

CVSS 5.3, AI score 6.7, EPSS 0.00441
Exploits 0, References 3
OSV
added 2024/03/15 7:8 p.m., 23 views

CVE-2023-51699 OS Command Injection for Fluid Users with JuicefsRuntime

Fluid is an open source Kubernetes-native Distributed Dataset Orchestrator and Accelerator for data-intensive applications. An OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8...

CVSS 4, AI score 6.8, EPSS 0.00611
Exploits 0, References 4
Github Security Blog
added 2024/03/15 4:35 p.m., 24 views

Fluid vulnerable to OS Command Injection for Fluid Users with JuicefsRuntime

Impact: OS command injection vulnerability within the Fluid project's JuicefsRuntime can potentially allow an authenticated user, who has the authority to create or update the K8s CRD Dataset/JuicefsRuntime, to execute arbitrary OS commands within the juicefs related containers. This could lead to...

CVSS 6, AI score 8.2, EPSS 0.00611
Exploits 0, References 5, Affected Software 1
Prion
added 2024/03/13 6:15 p.m., 11 views

Cross site request forgery (csrf)

yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

CVSS 5.8, AI score 7.3, EPSS 0.0037
Exploits 1, References 2
CVE
added 2024/03/13 5:16 p.m., 74 views

CVE-2024-28195

The CVE-2024-28195 CSRF vulnerability affects the YourSpotify self-hosted dashboard (API and login flow). Affected versions are prior to 1.9.0, where CSRF protections were insufficient, enabling attackers to execute CSRF attacks that can retrieve, modify, or delete data on the victim instance. Re...

CVSS 8.8, AI score 8.1, EPSS 0.0037
Exploits 1, References 2, Affected Software 1
OSV
added 2024/03/13 5:16 p.m., 12 views

CVE-2024-28195 Cross-Site Request Forgery (CSRF) vulnerability in API and login in your_spotify

yourspotify is an open source, self-hosted Spotify tracking dashboard. YourSpotify versions 1.9.0 do not protect the API and login flow against Cross-Site Request Forgery (CSRF). Attackers can use this to execute CSRF attacks on victims, allowing them to retrieve, modify or delete data on the...

CVSS 8.1, AI score 7.8, EPSS 0.0037
Exploits 1, References 4
NVD
added 2024/03/13 4:15 p.m., 16 views

CVE-2024-1862

The WooCommerce Add to Cart Custom Redirect plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'wcrdismissadminnotice' function in all versions up to, and including, 1.2.13. This makes it possible for authenticated...

CVSS 8.1, AI score 7.8, EPSS 0.00673
Exploits 0, References 3
NVD
added 2024/03/13 4:15 p.m., 22 views

CVE-2024-1763

The Wp Social Login and Register Social Counter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wpsocial/v1/ REST API endpoint in all versions up to, and including, 3.0.0. This makes it possible for unauthenticated attackers to...

CVSS 6.5, AI score 6.2, EPSS 0.0044
Exploits 0, References 2
NVD
added 2024/03/13 4:15 p.m., 21 views

CVE-2024-1640

The Contact Form Builder Plugin: Multi Step Contact Form, Payment Form, Custom Contact Form Plugin by Bit Form plugin for WordPress is vulnerable to unauthorized modification of data due to insufficient user validation on the bitformsupdateformentry AJAX action in all versions up to, and...

CVSS 5.3, AI score 5.1, EPSS 0.00481
Exploits 0, References 2
OSV
added 2024/03/13 4:15 p.m., 4 views

CVE-2024-0631

The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status ...

CVSS 5.3, AI score 5.8, EPSS 0.0063
Exploits 0, References 2
NVD
added 2024/03/13 4:15 p.m., 9 views

CVE-2024-0369

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS 4.3, AI score 4.4, EPSS 0.00428
Exploits 0, References 2
Prion
added 2024/03/13 4:15 p.m., 21 views

Design/Logic Flaw

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'processreview' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...

CVSS 5, AI score 6.9, EPSS 0.00674
Exploits 0, References 2
Prion
added 2024/03/13 4:15 p.m., 11 views

Design/Logic Flaw

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS 4, AI score 6.8, EPSS 0.00428
Exploits 0, References 2
Prion
added 2024/03/13 4:15 p.m., 17 views

Design/Logic Flaw

The Post Form – Registration Form – Profile Form for User Profiles – Frontend Content Forms for User Submissions UGC plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buddyformsnewpage function in all versions up to, and including,...

CVSS 4, AI score 7, EPSS 0.00507
Exploits 0, References 3
Prion
added 2024/03/13 4:15 p.m., 11 views

Design/Logic Flaw

The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or higher, to add...

CVSS 4, AI score 6.9, EPSS 0.00533
Exploits 0, References 3
Vulnrichment
added 2024/03/13 3:27 p.m., 16 views

CVE-2024-0377 LifterLMS – WordPress LMS Plugin for eLearning <= 7.5.1 - Missing Authorization via process_review

The LifterLMS – WordPress LMS Plugin for eLearning plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'process_review' function in all versions up to, and including, 7.5.1. This makes it possible for unauthenticated attackers to publish...

CVSS 5.3, AI score 6.7, EPSS 0.00674
Exploits 0, References 2
Cvelist
added 2024/03/13 3:27 p.m., 17 views

CVE-2024-0369 Bulk Edit Post Titles <= 5.0.0 - Missing Authorization via bulkUpdatePostTitles

The Bulk Edit Post Titles plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the bulkUpdatePostTitles function in all versions up to, and including, 5.0.0. This makes it possible for authenticated attackers, with subscriber access and abov...

CVSS 4.3, AI score 4.7, EPSS 0.00428
Exploits 0, References 2
Vulnrichment
added 2024/03/13 3:27 p.m., 15 views

CVE-2024-0631

The Duitku Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the checkduitkuresponse function in all versions up to, and including, 2.11.4. This makes it possible for unauthenticated attackers to change the payment status ...

CVSS 5.3, AI score 7, EPSS 0.0063
Exploits 0, References 2
Vulnrichment
added 2024/03/13 3:27 p.m., 13 views

CVE-2024-0447 ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...

CVSS 5, AI score 6.6, EPSS 0.00585
Exploits 0, References 3