Lucene search
+L

86 matches found

vulncheck_kev
vulncheck_kev
added 2025/03/16 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-47248

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...

9.8CVSS6AI score0.14414EPSS
Exploits0References1
nvd
nvd
added 2024/12/09 1:15 p.m.19 views

CVE-2023-49861

Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through = 2.1.3...

4.3CVSS0.00404EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/12/09 11:30 a.m.13 views

CVE-2023-49861 WordPress Social Media Feather plugin <= 2.1.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through = 2.1.3...

4.3CVSS8.5AI score0.00404EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2024/12/09 12:0 a.m.4 views

PT-2024-13825 · Unknown · Social Media Feather

Name of the Vulnerable Software and Affected Versions: Social Media Feather versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Social Media Feath...

4.3CVSS9.4AI score0.00404EPSS
Exploits0References3
cnnvd
cnnvd
added 2024/12/09 12:0 a.m.6 views

WordPress plugin Social Media Feather 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

4.3CVSS8.7AI score0.00404EPSS
Exploits0References1
nvd
nvd
added 2024/04/15 10:15 a.m.13 views

CVE-2024-31923

Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...

4.3CVSS4.6AI score0.00214EPSS
Exploits0References1
cve
cve
added 2024/04/15 9:25 a.m.62 views

CVE-2024-31923

CVE-2024-31923 covers a CSRF vulnerability in Feather Login Page for WordPress. The connected documents specify the issue as a Cross-Site Request Forgery via saveData() affecting Feather Login Page versions up to 1.1.5 (no exact minimum version provided in the sources). The CVSS vector in the Ini...

4.3CVSS5.1AI score0.00214EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2024/04/15 9:25 a.m.9 views

CVE-2024-31923 WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...

4.3CVSS5.1AI score0.00214EPSS
Exploits0References1
cnnvd
cnnvd
added 2024/04/15 12:0 a.m.4 views

WordPress Plugin Feather Login Page Designer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...

4.3CVSS6.2AI score0.00214EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/04/15 12:0 a.m.6 views

PT-2024-24286 · Pluginops · Pluginops Feather Login Page

Name of the Vulnerable Software and Affected Versions: PluginOps Feather Login Page versions 1.1.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in the PluginOps Feather Login Page. This type of vulnerability allows an attacker to trick a user into performi...

4.3CVSS6.8AI score0.00214EPSS
Exploits0References4
patchstack
patchstack
added 2024/04/10 12:57 p.m.5 views

WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Feather Login Page versions = 1.1.5...

4.3CVSS6.7AI score0.00214EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2024/04/10 12:0 a.m.12 views

WordPress Feather Login Page Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31923 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5a2ea7b8b70e Credits Steven Julian...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References2Affected Software1
wpvulndb
wpvulndb
added 2023/12/12 12:0 a.m.14 views

Social Media Feather < 2.1.4 - Subscriber+ Unauthorised Action

Description The plugin does not have authorisation in a function, allowing any authenticated users, such as subscriber to call it...

9.2AI score0.00404EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2023/12/07 12:0 a.m.11 views

WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control

Software Social Media Feather Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49861 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c21113708404 Credits Abdi Pranata...

6.5AI score0.00404EPSS
Exploits0References2Affected Software1
osv
osv
added 2023/11/17 5:41 p.m.6 views

PYSEC-2023-238

Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files...

9.8CVSS7.1AI score0.14414EPSS
Exploits0References6
veracode
veracode
added 2023/11/10 5:34 a.m.26 views

Deserialization Of Untrusted Data

pyarrow is vulnerable to Deserialization Of Untrusted Data. The vulnerability due to the Arrow IPC, Feather or Parquet data from untrusted sources as the library does not by default disable the PyExtensionType autoloading. This allows an attacker to create PyArrow-specific extension types which...

9.8CVSS7.9AI score0.14414EPSS
Exploits0References7Affected Software1
attackerkb
attackerkb
added 2023/11/06 12:15 p.m.9 views

CVE-2023-46777

A vulnerability in PluginOps Feather Login Page feather-login-page.This issue affects Feather Login Page: from n/a through = 1.1.3...

8.8CVSS8.5AI score0.0021EPSS
Exploits0References3
wpvulndb
wpvulndb
added 2023/11/06 12:0 a.m.15 views

Feather Login Page < 1.1.4 - CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.8CVSS6.5AI score0.0021EPSS
Exploits0Affected Software1
patchstack
patchstack
added 2023/10/26 12:0 a.m.20 views

WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Feather Login Page Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46777 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 62aa1ddd991f Credits Mika Required...

8.8CVSS6.6AI score0.0021EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2023/05/31 3:15 a.m.29 views

CVE-2023-2547

The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...

5.4CVSS5.1AI score0.00442EPSS
Exploits1References2
Rows per page
Query Builder