Lucene search
K

50 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:1 a.m.13 views

CVE-2024-6599

The Meks Video Importer plugin for WordPress is vulnerable to unauthorized API key modification due to a missing capability check on the ajaxsavesettings function in all versions up to, and including, 1.0.12. This makes it possible for authenticated attackers, with Subscriber-level access and...

4.3CVSS5.8AI score0.00325EPSS
Exploits0References1
CVE
CVE
added 2025/02/27 2:12 a.m.68 views

CVE-2025-21752

CVE-2025-21752 (Linux kernel, Btrfs) The issue arises when modifying keys in the RAID stripe-tree using btrfs_set_item_key_safe, which can lead to tree corruption. The root cause of the tree-order issue is not clearly detailed in the provided documents. A practical mitigation suggested in the sou...

5.5CVSS6.3AI score0.00163EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2025/01/07 3:21 a.m.11 views

CVE-2024-12559 ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal

The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesignsaddapi' and the 'clickdesignsremoveapi' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00391EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/01/07 3:21 a.m.22 views

CVE-2024-12559 ClickDesigns <= 1.8.0 - Missing Authorization to API Key Modification or Removal

The ClickDesigns plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'clickdesignsaddapi' and the 'clickdesignsremoveapi' functions in all versions up to, and including, 1.8.0. This makes it possible for unauthenticated attackers to...

5.3CVSS0.00391EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/01/07 12:0 a.m.8 views

PT-2025-1895 · WordPress · Clickdesigns

Name of the Vulnerable Software and Affected Versions: ClickDesigns plugin for WordPress versions up to, and including, 1.8.0 Description: The issue allows unauthorized modification of data due to a missing capability check on the clickdesigns add api and the clickdesigns remove api functions. Th...

5.3CVSS7.2AI score0.00391EPSS
Exploits0References7
Cvelist
Cvelist
added 2024/12/07 1:45 a.m.25 views

CVE-2024-7894 If Menu <= 0.19.1 - Missing Authorization to License Key Update

The If Menu plugin for WordPress is vulnerable to unauthorized modification of the plugin's license key due to a missing capability check on the 'actions' function in versions up to, and including, 0.19.1. This makes it possible for unauthenticated attackers to modify delete or modify the license...

5.3CVSS0.00356EPSS
Exploits0References3
CVE
CVE
added 2024/07/18 2:3 a.m.64 views

CVE-2024-6599

The CVE affects Meks Video Importer for WordPress. Root cause: missing capability check in ajax_save_settings allows authenticated users with Subscriber+ to modify plugin API keys in all versions up to 1.0.11. Impact: unauthorized API key modification could enable misuse of the plugin’s API keys....

4.3CVSS5.8AI score0.00325EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/05/30 4:31 a.m.27 views

CVE-2024-3277 Yumpu ePaper publishing <= 2.0.24 - Missing Authorization to PDF Upload, Publishing, and API Key Modification

The Yumpu ePaper publishing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxhandler function in all versions up to, and including, 2.0.24. This makes it possible for authenticated attackers, with subscriber-level access and abov...

5CVSS5.2AI score0.00316EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/05/30 12:0 a.m.14 views

PT-2024-24841 · WordPress · Yumpu Epaper Publishing Plugin

Name of the Vulnerable Software and Affected Versions: Yumpu ePaper publishing plugin for WordPress version 2.0.24 and earlier Description: The issue allows authenticated attackers with subscriber-level access and above to upload PDF files, publish them, and modify the API key due to a missing...

5CVSS6.7AI score0.00316EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2023/05/20 3:15 a.m.4 views

CVE-2023-2714

The Groundhogg plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'checklicense' functions in versions up to, and including, 2.7.9.8. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

4.3CVSS6.7AI score0.00528EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2023/05/20 12:0 a.m.5 views

PT-2023-20972 · WordPress · Groundhogg

Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is related to a missing capability check on the check license functions, allowing authenticated attackers with subscriber-level permissions and abov...

4.3CVSS5.2AI score0.00528EPSS
Exploits0References9
Vulnrichment
Vulnrichment
added 2023/03/06 1:33 p.m.6 views

CVE-2023-0328 WPCode < 2.0.7 - Contributor+ WPCode Library Auth Key Update/Deletion

The WPCode WordPress plugin before 2.0.7 does not have adequate privilege checks in place for several AJAX actions, only checking the nonce. This may lead to allowing any authenticated user who can edit posts to call the endpoints related to WPCode Library authentication such as update and delete...

7.2AI score0.00801EPSS
Exploits2References1
OSV
OSV
added 2022/02/15 1:57 a.m.26 views

GHSA-5GJM-FJ42-X983 etcd Cross-site Request Forgery (CSRF)

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

8.8CVSS7.7AI score0.01266EPSS
Exploits1References8
GitLab Advisory Database
GitLab Advisory Database
added 2022/02/15 12:0 a.m.22 views

Cross-Site Request Forgery (CSRF)

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

8.8CVSS6.6AI score0.01266EPSS
Exploits1References9Affected Software1
OSV
OSV
added 2018/04/03 4:29 p.m.23 views

CVE-2018-1098

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

8.8CVSS8.7AI score
Exploits0References4
Prion
Prion
added 2018/04/03 4:29 p.m.18 views

Cross site request forgery (csrf)

A cross-site request forgery flaw was found in etcd 3.3.1 and earlier. An attacker can set up a website that tries to send a POST request to the etcd server and modify a key. Adding a key is done with PUT so it is theoretically safe can't PUT from an HTML form or such but POST allows creating...

6.8CVSS8.3AI score0.01266EPSS
Exploits1References4Affected Software2
CVE
CVE
added 2018/04/03 4:0 p.m.90 views

CVE-2018-1098

CVE-2018-1098 affects etcd 3.3.1 and earlier, where CSRF allows an attacker to induce the etcd server to perform unauthorized actions by sending crafted POST requests via a malicious site. The description notes that PUT is safer for adding keys, but POST can be used to create in-order keys. The N...

8.8CVSS8AI score0.01266EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2016/04/08 3:0 p.m.30 views

CVE-2016-3984

The McAfee VirusScan Console mcconsol.exe in McAfee Active Response MAR before 1.1.0.161, Agent MA 5.x before 5.0.2 Hotfix 1110392 5.0.2.333, Data Exchange Layer 2.x DXL before 2.0.1.140.1, Data Loss Prevention Endpoint DLPe 9.3 before Patch 6 and 9.4 before Patch 1 HF3, Device Control MDC 9.3...

5AI score0.01131EPSS
Exploits2References5
myhack58
myhack58
added 2016/03/09 12:0 a.m.103 views

Technology share: how to use Python and PyInstaller to write a Windows malicious code-vulnerability warning-the black bar safety net

Disclaimer: This article is intended to share, not for malicious use! This article mainly shows is through the use of python and PyInstaller to build the malicious software of some poc. ! Known to all, malicious software and more will continued to target of the attack. And this is on windows ther...

0.3AI score
Exploits0
seebug.org
seebug.org
added 2016/01/09 12:0 a.m.36 views

大汉网络 /jcms/interface/ldap/receive.jsp 接口未授权更改密钥

相关代码如下 if state.equals"S" //注册应用 boolean b = ldapBlf.writeXMLappname,enckey,ldapurl,webtype,ssourl,encrypttype; 未授权注册并覆盖了 enckey 得到 enckey 之后利用可以参照 https://www.sebug.net/vuldb/ssvid-90213...

7.1AI score
Exploits0
Rows per page
Query Builder