CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7 matches found

VulnCheck KEV•added 2023/02/02 12:0 a.m.•2 views

VulnCheck KEV: CVE-2022-3911

The iubenda WordPress plugin before 3.3.3 does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any...

8.8CVSS7.3AI score0.00208EPSS

Exploits2References1

OSV•added 2023/01/02 10:15 p.m.•1 views

CVE-2022-3911

8.8CVSS5.8AI score0.00208EPSS

Exploits2References1

Prion•added 2023/01/02 10:15 p.m.•17 views

Cross site request forgery (csrf)

6.5CVSS8.5AI score0.00208EPSS

Exploits2References1Affected Software1

Vulnrichment•added 2023/01/02 9:49 p.m.•4 views

CVE-2022-3911 iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

8.6AI score0.00208EPSS

Exploits2References1

CNNVD•added 2023/01/02 12:0 a.m.•2 views

WordPress plugin iubenda 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

8.8CVSS7.7AI score0.00208EPSS

Exploits2References2

WPVulnDB•added 2022/12/12 12:0 a.m.•16 views

iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin

The plugin does does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as editplugins etc PoC Run...

8.8CVSS0.8AI score0.00208EPSS

Exploits2Affected Software1