Lucene search
+L

2155 matches found

Positive Technologies
Positive Technologies
added 2023/02/28 12:0 a.m.7 views

PT-2023-16698 · WordPress · Wp Meta Seo

Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue arises from a missing capability check on the listPostsCategory function, allowing authenticated attackers with subscriber-level access to obtain pos...

4.3CVSS5.4AI score0.00576EPSS
Exploits0References8
SUSE CVE
SUSE CVE
added 2023/02/15 6:3 a.m.4 views

SUSE CVE-2009-1883

The z90cryptunlockedioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage...

4.4CVSS6.2AI score0.00342EPSS
Exploits1References4
OSV
OSV
added 2023/02/08 2:15 a.m.9 views

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

4.3CVSS5.8AI score0.00576EPSS
Exploits0References3
OSV
OSV
added 2023/02/08 2:15 a.m.8 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxeditfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS6.5AI score0.00576EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.4 views

CVE-2023-0715

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxclonefolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2023/02/08 2:15 a.m.2 views

CVE-2023-0684

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxunassignfolders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
VulnCheck KEV
VulnCheck KEV
added 2023/02/08 12:0 a.m.6 views

VulnCheck KEV: CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavefolderorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.8 views

PT-2023-16468 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save state function, allowing authenticated attackers with subscriber-level permissions and...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.7 views

PT-2023-16453 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax unassign folders function, which allows authenticated attackers with subscriber-level...

5.4CVSS5.2AI score0.00576EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/02/08 12:0 a.m.12 views

PT-2023-16476 · WordPress · Wicked Folders

Name of the Vulnerable Software and Affected Versions: Wicked Folders plugin for WordPress versions up to, and including, 2.18.16 Description: The issue is related to a missing capability check on the ajax save folder order function, which allows authenticated attackers with subscriber-level...

5.4CVSS5.3AI score0.00576EPSS
Exploits0References7
OSV
OSV
added 2023/02/07 11:15 p.m.6 views

CVE-2023-0719

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxsavesortorder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

4.3CVSS5.8AI score0.00601EPSS
Exploits0References3
OSV
OSV
added 2023/02/07 11:15 p.m.3 views

CVE-2023-0712

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxmoveobject function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

4.3CVSS6.5AI score0.00601EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2023/02/07 10:15 p.m.1 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS5.9AI score0.00576EPSS
Exploits0References4
OSV
OSV
added 2023/01/27 10:15 p.m.9 views

CVE-2023-0556

The ContentStudio plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions in versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to obtain the blog metadata via the function cstugetmetadata that...

6.5CVSS6.6AI score0.00952EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2023/01/13 12:0 a.m.8 views

PT-2023-16148 · WordPress · Mediamatic – Media Library Folders

Name of the Vulnerable Software and Affected Versions: Mediamatic – Media Library Folders plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is related to a missing capability check on AJAX actions, allowing authenticated attackers with subscriber-level permissions a...

4.3CVSS4.3AI score0.00568EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2023/01/12 12:0 a.m.7 views

PT-2023-8309 · Hostinger · Hostinger Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Hostinger plugin for WordPress versions up to, and including, 1.9.7 Description: The issue is related to the public website function of the Hostinger plugin for WordPress, which has weaknesses in its authorization procedure. This can allow a...

7.5CVSS7AI score0.00449EPSS
Exploits0References8
OSV
OSV
added 2022/12/16 2:15 p.m.6 views

CVE-2022-4555

The WP Shamsi plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the deactivate function hooked via init in versions up to, and including, 4.1.0. This makes it possible for unauthenticated attackers to deactivate arbitrary plugins on the site. This can...

5.3CVSS5.9AI score0.00665EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/14 12:0 a.m.10 views

PT-2022-27365 · WordPress · Mega Addons

Name of the Vulnerable Software and Affected Versions: Mega Addons plugin for WordPress versions up to, and including, 4.2.7 Description: The issue is related to authorization bypass due to a missing capability check on the vc saving data function. This allows authenticated attackers with...

7.1CVSS6.2AI score0.00692EPSS
Exploits0References5
VulnCheck KEV
VulnCheck KEV
added 2022/04/13 12:0 a.m.3 views

VulnCheck KEV: CVE-2022-1329

The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the /core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious...

8.8CVSS7.3AI score0.92658EPSS
Exploits10References1
NVD
NVD
added 2022/02/04 11:15 p.m.57 views

CVE-2022-0218

The WP HTML Mail WordPress plugin is vulnerable to unauthorized access which allows unauthenticated attackers to retrieve and modify theme settings due to a missing capability check on the /themesettings REST-API endpoint found in the /includes/class-template-designer.php file, in versions up to...

8.3CVSS0.70511EPSS
Exploits3References2
Rows per page
Query Builder