Lucene search
K

63 matches found

Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.21 views

CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...

7.2AI score0.00193EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.26 views

CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

The allows any authenticated user to join a private group due to a missing authorization check on a function...

0.00374EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.27 views

CVE-2024-2235 Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...

0.00193EPSS
Exploits2References1
CVE
CVE
added 2024/07/03 6:0 a.m.76 views

CVE-2024-2233

Affected software/impact: Himer WordPress theme prior to 2.1.1 contains CSRF vulnerabilities in group-management actions (e.g., declining/accepting invitations, leaving a group). The root cause is missing CSRF checks in certain areas, enabling logged-in users to be targeted via CSRF attacks. Vers...

6.3CVSS4.5AI score0.00193EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/07/03 6:0 a.m.65 views

CVE-2024-2234

CVE-2024-2234 affects the Himer WordPress theme prior to version 2.1.1. The issue arises from insufficient sanitisation and escaping of certain Post settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., Contributors). The vulnerability is tied to the theme’s handling of po...

6.3CVSS5.1AI score0.00335EPSS
Exploits2References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.21 views

CVE-2024-2235 Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...

6.8AI score0.00193EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.14 views

CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

The allows any authenticated user to join a private group due to a missing authorization check on a function...

6.7AI score0.00374EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.29 views

CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...

0.00193EPSS
Exploits2References1
CVE
CVE
added 2024/07/03 6:0 a.m.73 views

CVE-2024-2235

The CVE-2024-2235 entry concerns the Himer WordPress theme pre-2.1.1 lacking CSRF checks in multiple areas, enabling CSRF-based vote manipulation on polls (including restricted ones). Affected product: Himer WordPress theme

6.3CVSS4.5AI score0.00193EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.30 views

CVE-2024-2234 Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...

0.00335EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.15 views

CVE-2024-2234 Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...

5.9AI score0.00335EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.18 views

CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...

6.8AI score0.00193EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.40 views

CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...

0.00193EPSS
Exploits2References1
CVE
CVE
added 2024/07/03 6:0 a.m.67 views

CVE-2024-2040

The connected Patchstack entry confirms a CSRF vulnerability in WordPress theme Himer prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions

6.3CVSS4.6AI score0.00193EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.6 views

PT-2024-18659 · Himer · Himer

Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue is related to the lack of CSRF checks in certain areas, which could allow attackers to make users join private groups via a CSRF attack. Recommendations: For versions prior ...

6.3CVSS7.2AI score0.00193EPSS
Exploits2References5
Patchstack
Patchstack
added 2024/07/03 12:0 a.m.14 views

WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Himer Type Theme Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2233 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 655236f18e54 Credits Sushmita Poudel Required privileg...

6.3CVSS6.6AI score0.00193EPSS
Exploits2References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.6 views

PT-2024-19355 · WordPress · Himer

Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to manipulate users into voting on polls they do not have access to through a CSRF attack...

6.3CVSS7.2AI score0.00193EPSS
Exploits2References4
Positive Technologies
Positive Technologies
added 2024/07/03 12:0 a.m.6 views

PT-2024-19343 · Himer · Himer

Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns the lack of CSRF checks in certain areas, allowing attackers to perform unwanted actions on logged-in users through CSRF attacks. This includes actions such as...

6.3CVSS7.3AI score0.00193EPSS
Exploits2References4
CNNVD
CNNVD
added 2024/07/03 12:0 a.m.4 views

WordPress theme Himer Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Himer versions prior t...

6.3CVSS6.6AI score0.00193EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/07/03 12:0 a.m.5 views

WordPress theme Himer cross-site scripting vulnerability

WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Himer versions prior to 2.1....

6.3CVSS6AI score0.00335EPSS
Exploits2References2
Rows per page
Query Builder