11 matches found

Patchstack
added 2023/11/07 12:0 a.m., 14 views

WordPress Front End PM Plugin < 11.4.3 is vulnerable to Sensitive Data Exposure

Software: Front End PM; Type: Plugin; Vulnerable versions: 11.4.3; Fixed in: 11.4.3; OWASP Top 10: A3: Sensitive Data Exposure; Classification: Sensitive Data Exposure; CVE: CVE-2023-4930; Patch priority: High; CVSS severity: High 7.5; Developer: Claim ownership; PSID: a8a31ca22e6b; Credits: Dmitrii Ignatyev; Required...

6.5 CVSS, 6.4 AI score, 0.00409 EPSS
Exploits: 2, References: 4, Affected Software: 1
OSV
added 2023/11/06 9:15 p.m., 8 views

CVE-2023-4930

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.5 CVSS, 7.3 AI score, 0.00409 EPSS
Exploits: 2, References: 1
NVD
added 2023/11/06 9:15 p.m., 20 views

CVE-2023-4930

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.5 CVSS, 6.3 AI score, 0.00409 EPSS
Exploits: 2, References: 1
Vulnrichment
added 2023/11/06 8:41 p.m., 10 views

CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.3 AI score, 0.00409 EPSS
Exploits: 2, References: 1
CVE
added 2023/11/06 8:41 p.m., 65 views

CVE-2023-4930

CVE-2023-4930 affects the Front End PM WordPress plugin prior to 11.4.3. The vulnerability arises because the plugin does not block listing of directories where private-message attachments are stored, enabling unauthenticated users to list and download those attachments if the web server’s autoin...

6.5 CVSS, 6.5 AI score, 0.00409 EPSS
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2023/11/06 8:41 p.m., 25 views

CVE-2023-4930 Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

The Front End PM WordPress plugin before 11.4.3 does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.5 AI score, 0.00409 EPSS
Exploits: 2, References: 1
Positive Technologies
added 2023/11/06 12:0 a.m., 5 views

PT-2023-31160 · WordPress · Front End Pm

Name of the Vulnerable Software and Affected Versions: Front End PM WordPress plugin versions prior to 11.4.3. Description: The issue allows unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled, due to the plugin not blocking the...

6.5 CVSS, 6.8 AI score, 0.00409 EPSS
Exploits: 2, References: 4
wpexploit
added 2023/10/16 12:0 a.m., 141 views

Front End PM < 11.4.3 - Sensitive Data Exposure via Directory Listing

Description: The plugin does not block listing the contents of the directories where it stores attachments to private messages, allowing unauthenticated visitors to list and download private attachments if the autoindex feature of the web server is enabled...

6.5 CVSS, 6.7 AI score, 0.00409 EPSS
Exploits: 2
Patchstack
added 2023/07/18 12:0 a.m., 8 views

WordPress Front End PM Plugin < 11.3.9 is vulnerable to Cross Site Scripting (XSS)

Software: Front End PM; Type: Plugin; Vulnerable versions: 11.3.9; Fixed in: 11.3.9; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: d8bae7ecb926; Credits: Rafie Muhammad Patchstack; Required...

6.8 AI score, 0.00284 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m., 8 views

WordPress Front End PM plugin < 11.3.4 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress Front End PM plugin versions 11.3.4. Solution: Update the WordPress Front End PM plugin to the latest available version, at least 11.3.4...

2.3 AI score
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2022/02/28 12:0 a.m., 15 views

WordPress Front End PM plugin < 11.3.4 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability

Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability discovered in WordPress Front End PM plugin versions 11.3.4. Solution: Update the WordPress Front End PM plugin to the latest available version, at least 11.3.4...

3.7 AI score
Exploits: 0, References: 2, Affected Software: 1