Lucene search
+L

320 matches found

Positive Technologies
Positive Technologies
added 2024/08/08 12:0 a.m.11 views

PT-2024-38382 · WordPress · Mainwp Child Reports

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...

8.8CVSS7.2AI score0.00307EPSS
Exploits0References8
Patchstack
Patchstack
added 2024/08/08 12:0 a.m.11 views

WordPress MainWP Child Reports Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software MainWP Child Reports Type Plugin Vulnerable versions = 2.2 Fixed in 2.2.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7492 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 52f6716cf94e Credits vgo0 Required...

8.8CVSS6.7AI score0.00307EPSS
Exploits0References3Affected Software1
WPVulnDB
WPVulnDB
added 2024/06/11 12:0 a.m.7 views

WPvivid Backup for MainWP < 0.9.34 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WPvivid Backup for MainWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.9.33 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9AI score
Exploits0References1Affected Software1
OSV
OSV
added 2024/06/09 10:15 a.m.3 views

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

8.8CVSS5.8AI score0.00293EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 10:15 a.m.53 views

CVE-2023-23640

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

8.8CVSS0.00293EPSS
Exploits0References1
NVD
NVD
added 2024/06/09 10:15 a.m.24 views

CVE-2023-23639

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3...

8.8CVSS0.00293EPSS
Exploits0References1
OSV
OSV
added 2024/06/09 10:15 a.m.5 views

CVE-2023-23639

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3...

8.8CVSS5.8AI score0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/09 9:15 a.m.13 views

CVE-2023-23640 WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

5.4CVSS7AI score0.00293EPSS
Exploits0References1
CVE
CVE
added 2024/06/09 9:15 a.m.59 views

CVE-2023-23640

The CVE-2023-23640 entry concerns the WordPress plugin MainWP UpdraftPlus Extension (versions ≤ 4.0.6). Public sources in the connected documents indicate a Broken Access Control (Missing Authorization) vulnerability that allows a Subscriber-level attacker to activate plugins arbitrarily. Patch g...

8.8CVSS6.3AI score0.00293EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/09 9:15 a.m.45 views

CVE-2023-23640 WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension.This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...

5.4CVSS0.00293EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/06/09 9:13 a.m.14 views

CVE-2023-23639 WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3...

5.4CVSS7AI score0.00293EPSS
Exploits0References1
CVE
CVE
added 2024/06/09 9:13 a.m.62 views

CVE-2023-23639

The CVE-2023-23639 entry concerns the WordPress MainWP Staging Extension plugin, affected through version 4.0.3. The root cause is a Missing Authorization vulnerability in the plugin (Broken Access Control), enabling a Subscriber to perform an arbitrary plugin activation action. Public sources (P...

8.8CVSS6.3AI score0.00293EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/06/09 9:13 a.m.33 views

CVE-2023-23639 WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability

Missing Authorization vulnerability in MainWP MainWP Staging Extension.This issue affects MainWP Staging Extension: from n/a through 4.0.3...

5.4CVSS0.00293EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.5 views

WordPress plugin MainWP Staging Extension security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.7AI score0.00293EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.8 views

PT-2024-11988 · Mainwp · Mainwp Mainwp Updraftplus Extension

Name of the Vulnerable Software and Affected Versions: MainWP MainWP UpdraftPlus Extension versions 4.0.6 and earlier Description: The issue is related to a Missing Authorization vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide o...

8.8CVSS6.9AI score0.00293EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/06/09 12:0 a.m.3 views

PT-2024-11987 · Mainwp · Mainwp Staging Extension

Name of the Vulnerable Software and Affected Versions: MainWP MainWP Staging Extension versions 4.0.3 and earlier Description: The issue is related to a Missing Authorization vulnerability in the MainWP MainWP Staging Extension. Recommendations: For MainWP MainWP Staging Extension versions 4.0.3...

8.8CVSS7.1AI score0.00293EPSS
Exploits0References5
CNNVD
CNNVD
added 2024/06/09 12:0 a.m.24 views

WordPress plugin MainWP UpdraftPlus Extension Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

8.8CVSS6.7AI score0.00293EPSS
Exploits0References2
NVD
NVD
added 2024/06/04 2:15 p.m.23 views

CVE-2024-35664

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through = 0.9.32...

7.1CVSS7AI score0.00256EPSS
Exploits0References2
OSV
OSV
added 2024/06/04 2:15 p.m.6 views

CVE-2024-35664

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in WPvivid Team WPvivid Backup for MainWP allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through 0.9.32...

6.1CVSS5.8AI score0.00256EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/04 1:54 p.m.38 views

CVE-2024-35664 WordPress WPvivid Backup for MainWP plugin <= 0.9.32 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpvividplugins WPvivid Backup for MainWP wpvivid-backup-mainwp allows Reflected XSS.This issue affects WPvivid Backup for MainWP: from n/a through = 0.9.32...

7.1CVSS6.5AI score0.00256EPSS
Exploits0References1
Rows per page
Query Builder