Lucene search

10515 matches found

ATTACKERKB
added 2024/03/12 10:15 a.m. · 2 views

CVE-2023-4626

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

4.3 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 3 · Affected Software 1
Prion
added 2024/03/12 10:15 a.m. · 24 views

Cross site scripting

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

4 CVSS · 4.1 AI score · 0.00317 EPSS
Exploits 0 · References 2
Prion
added 2024/03/12 10:15 a.m. · 18 views

Design/Logic Flaw

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the saveconfig function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

4 CVSS · 4.3 AI score · 0.00343 EPSS
Exploits 0 · References 2
Prion
added 2024/03/12 10:15 a.m. · 24 views

Design/Logic Flaw

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

4 CVSS · 4.3 AI score · 0.0034 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/03/12 9:33 a.m. · 18 views

CVE-2023-4728 LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and abov...

4.3 CVSS · 6.6 AI score · 0.00317 EPSS
Exploits 0 · References 2
Cvelist
added 2024/03/12 9:33 a.m. · 20 views

CVE-2023-4626

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the...

4.3 CVSS · 4.6 AI score · 0.0034 EPSS
Exploits 0 · References 2
NVD
added 2024/03/12 1:15 a.m. · 25 views

CVE-2024-27902

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

6.1 CVSS · 5.3 AI score · 0.00474 EPSS
Exploits 0 · References 2
Prion
added 2024/03/12 1:15 a.m. · 39 views

Cross site scripting

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

4.9 CVSS · 5.4 AI score · 0.00474 EPSS
Exploits 0 · References 2
Vulnrichment
added 2024/03/12 12:45 a.m. · 21 views

CVE-2024-27902 Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS ABAP applications based on SAPGUI for HTML (WebGUI)

Applications based on SAP GUI for HTML in SAP NetWeaver AS ABAP - versions 7.89, 7.93, do not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability. A successful attack can allow a malicious attacker to access and modify data through their ability to...

5.4 CVSS · 6 AI score · 0.00474 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/03/12 12:0 a.m. · 6 views

PT-2024-6681 · Mongodb · Mongodb Rust Driver

Name of the Vulnerable Software and Affected Versions: MongoDB Rust Driver versions prior to 2.8.2 Description: The issue is related to incorrect handling of syntactically incorrect structures, which may result in the construction of unintended server commands. This could lead to unexpected...

6.4 CVSS · 7.1 AI score · 0.00277 EPSS
Exploits 0 · References 7
CNNVD
added 2024/03/12 12:0 a.m. · 4 views

WordPress Plugin LadiApp Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

4.3 CVSS · 6.6 AI score · 0.0034 EPSS
Exploits 0 · References 4
Positive Technologies
added 2024/03/12 12:0 a.m. · 6 views

PT-2024-13343 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.3 Description: The issue is related to a missing capability check on the ladiflow save hook function, allowing authenticated attackers with subscriber-level access and above to...

4.3 CVSS · 9.2 AI score · 0.0034 EPSS
Exploits 0 · References 7
CNNVD
added 2024/03/12 12:0 a.m. · 3 views

WordPress Plugin LadiApp Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

4.3 CVSS · 6.3 AI score · 0.00343 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/03/12 12:0 a.m. · 5 views

PT-2024-13434 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.4 Description: The issue arises from a missing capability check on the publish lp function, which is hooked via an AJAX action. This allows authenticated attackers with...

5.4 CVSS · 9.4 AI score · 0.00317 EPSS
Exploits 0 · References 6
WPVulnDB
added 2024/03/11 12:0 a.m. · 17 views

LadiApp: Landing Page, PopupX, Marketing Automation, Affiliate Marketing… <= 4.4 - Missing Authorization on publish_lp()

Description: The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level...

5.4 CVSS · 6.2 AI score · 0.00317 EPSS
Exploits 0 · References 1
WPVulnDB
added 2024/03/11 12:0 a.m. · 20 views

Auto Affiliate Links < 6.4.3.1 - Missing Authorization via aalAddLink

Description: The Auto Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the aalAddLink function in all versions up to, and including, 6.4.3. This makes it possible for authenticated attackers, with subscriber access or...

4.3 CVSS · 6.6 AI score · 0.00533 EPSS
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/03/11 12:0 a.m. · 9 views

LadiApp <= 4.4 - Missing Authorization via ladiflow_save_hook()

Description: The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to...

4.3 CVSS · 4.6 AI score · 0.0034 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/03/09 9:37 a.m. · 10 views

CVE-2024-1870 Colibri Page Builder <= 1.0.260 - Missing Authorization

The Colibri Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the callActivateLicenseEndpoint function in all versions up to, and including, 1.0.260. This makes it possible for authenticated attackers, with subscriber access ...

4.3 CVSS · 6.6 AI score · 0.00406 EPSS
Exploits 0 · References 3
CNNVD
added 2024/03/09 12:0 a.m. · 4 views

WordPress Plugin EventPrime Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

6.5 CVSS · 6.6 AI score · 0.0041 EPSS
Exploits 0 · References 3
CNNVD
added 2024/03/09 12:0 a.m. · 5 views

WordPress Plugin Colibri Page Builder Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3 CVSS · 6.6 AI score · 0.00406 EPSS
Exploits 0 · References 4