Lucene search
K

5 matches found

NVD
NVD
added 2023/01/19 3:15 p.m.34 views

CVE-2023-0403

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.4CVSS5.2AI score0.00374EPSS
Exploits2References3
Prion
Prion
added 2023/01/19 3:15 p.m.20 views

Authorization

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

5.5CVSS5.2AI score0.00765EPSS
Exploits1References3Affected Software1
Prion
Prion
added 2023/01/19 3:15 p.m.22 views

Cross site request forgery (csrf)

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.8CVSS5.2AI score0.00374EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2023/01/19 2:7 p.m.39 views

CVE-2023-0403 Social Warfare <= 4.3.1 - Cross-Site Request Forgery

The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...

5.4CVSS5.5AI score0.00374EPSS
Exploits2References2
Cvelist
Cvelist
added 2023/01/19 2:7 p.m.29 views

CVE-2023-0402 Social Warfare <= 4.3.0 - Missing Authorization

The Social Warfare plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several AJAX actions in versions up to, and including, 4.3.0. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to delete post meta...

5.4CVSS5.5AI score0.00765EPSS
Exploits1References3
Rows per page
Query Builder