
1115 matches found

Positive Technologies
added 2024/03/12 12:00 a.m. · 12 views

PT-2024-13347 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.3
Description: The issue is related to a missing nonce check on the save config function, making it possible for unauthenticated attackers to update the ladipage config option via ...

CVSS 4.3 · AI score 9.4 · EPSS 0.0021
Exploits 0 · References 6

Positive Technologies
added 2024/03/12 12:00 a.m. · 4 views

PT-2024-13442 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.4
Description: The issue is related to a missing nonce check on the init endpoint function, which is hooked via 'init'. This allows unauthenticated attackers to modify various...

CVSS 4.3 · AI score 9.3 · EPSS 0.00275
Exploits 0 · References 8

WPVulnDB
added 2024/03/12 12:00 a.m. · 20 views

Team Circle Image Slider With Lightbox < 1.0.1 - Image Data Update via CSRF

Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the circlethumbnailsliderwithlightboximagemanagementfunc function. This makes it possible for unauthenticated attackers to edit image data which can be used to inject malicious...

CVSS 5.3 · AI score 6.5 · EPSS 0.00202
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/03/12 12:00 a.m. · 4 views

PT-2024-13346 · WordPress · Ladiapp

Name of the Vulnerable Software and Affected Versions: LadiApp plugin for WordPress versions up to, and including, 4.4
Description: The issue is related to a missing nonce check on the ladiflow save hook function, making it possible for unauthenticated attackers to update the ladiflow hook config...

CVSS 4.3 · AI score 9.4 · EPSS 0.0021
Exploits 0 · References 6

NVD
added 2024/03/07 8:15 p.m. · 22 views

CVE-2024-0203

The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of registered users to...

CVSS 8.8 · AI score 8.4 · EPSS 0.00273
Exploits 0 · References 2

WPVulnDB
added 2024/03/07 12:00 a.m. · 25 views

Digits < 8.4.2 - Cross-Site Request Forgery to Privilege Escalation

Description: The Digits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.4.1. This is due to missing nonce validation in the 'digitssavesettings' function. This makes it possible for unauthenticated attackers to modify the default role of...

CVSS 8.8 · AI score 6.6 · EPSS 0.00273
Exploits 0 · References 1 · Affected Software 1

OSV
added 2024/02/29 1:43 a.m. · 5 views

CVE-2024-1335

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 7.2 · EPSS 0.0021
Exploits 0 · References 2

Prion
added 2024/02/29 1:43 a.m. · 24 views

Cross site request forgery (csrf)

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the addtocompare function. This makes it possible for unauthenticated attackers to add...

CVSS 4.3 · AI score 6.6 · EPSS 0.00244
Exploits 0 · References 2

Prion
added 2024/02/29 1:43 a.m. · 30 views

Cross site request forgery (csrf)

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the disableOptimization function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 6.6 · EPSS 0.0021
Exploits 0 · References 2

OSV
added 2024/02/28 9:15 a.m. · 3 views

CVE-2024-1954

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for...

CVSS 6.3 · AI score 7.2 · EPSS 0.00215
Exploits 0 · References 2

OSV
added 2024/02/28 9:15 a.m. · 2 views

CVE-2024-0767

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 5.8 · EPSS 0.00275
Exploits 0 · References 2

OSV
added 2024/02/28 9:15 a.m. · 4 views

CVE-2024-0431

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxsetdefaultcard' function. This makes it possible for unauthenticated attackers to set the...

CVSS 4.3 · AI score 5.7 · EPSS 0.00295
Exploits 0 · References 2

Prion
added 2024/02/28 9:15 a.m. · 16 views

Cross site request forgery (csrf)

The Oliver POS – A WooCommerce Point of Sale POS plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1.8. This is due to missing or incorrect nonce validation in the includes/class-pos-bridge-install.php file. This makes it possible for...

CVSS 6.8 · AI score 6.7 · EPSS 0.00215
Exploits 0 · References 2

Positive Technologies
added 2024/02/28 12:00 a.m. · 5 views

PT-2024-15556 · WordPress · Gestpay For Woocommerce

Name of the Vulnerable Software and Affected Versions: Gestpay for WooCommerce plugin for WordPress versions up to, and including, 20221130
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax delete card function. This allows...

CVSS 4.3 · AI score 9.2 · EPSS 0.00275
Exploits 0 · References 6

CNNVD
added 2024/02/28 12:00 a.m. · 4 views

WordPress Plugin Gestpay for WooCommerce Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 4.3 · AI score 6.6 · EPSS 0.00275
Exploits 0 · References 3

OSV
added 2024/02/27 11:15 a.m. · 3 views

CVE-2024-1910

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories...

CVSS 4.3 · AI score 7.2
Exploits 0 · References 2

Positive Technologies
added 2024/02/27 12:00 a.m. · 6 views

PT-2024-18415 · WordPress · Categorify

Name of the Vulnerable Software and Affected Versions: Categorify plugin for WordPress versions up to, and including, 1.0.7.4
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This allows...

CVSS 4.3 · AI score 9.3 · EPSS 0.00202
Exploits 0 · References 6

Vulnrichment
added 2024/02/20 6:56 p.m. · 20 views

CVE-2024-1338

The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the stopOptimizeAll function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 6.3 · EPSS 0.00208
Exploits 0 · References 2

Positive Technologies
added 2024/02/14 12:00 a.m. · 4 views

PT-2024-3142 · WordPress · The Tutor Lms

Name of the Vulnerable Software and Affected Versions: The Tutor LMS – eLearning and online course solution plugin for WordPress versions up to, and including, 2.6.1
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the erase tutor dat...

CVSS 5 · AI score 9.3 · EPSS 0.0022
Exploits 0 · References 9

OSV
added 2024/02/08 6:15 a.m. · 6 views

CVE-2024-0511

The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the wprupdateformactionmeta function. This makes it possible for unauthenticated attacker...

CVSS 4.3 · AI score 7.2
Exploits 0 · References 2