Lucene search
K

66 matches found

CVE
CVE
added 2025/01/15 11:24 a.m.45 views

CVE-2024-11848

CVE-2024-11848 affects NitroPack – Caching & Speed Optimization for WordPress. The vulnerability is due to a missing capability check on the nitropack_dismiss_notice_forever AJAX action in NitroPack versions up to 1.17.0, enabling authenticated attackers with subscriber-level access and above to ...

8.1CVSS7.7AI score0.00646EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/15 11:24 a.m.5 views

CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.1CVSS7.7AI score0.00646EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/01/15 11:24 a.m.14 views

CVE-2024-11848 NitroPack <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update

The NitroPack plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'nitropackdismissnoticeforever' AJAX action in all versions up to, and including, 1.17.0. This makes it possible for authenticated attackers, with subscriber-level access...

8.1CVSS0.00646EPSS
Exploits0References2
Patchstack
Patchstack
added 2025/01/15 7:13 a.m.3 views

WordPress NitroPack plugin <= 1.17.0 - Missing Authorization to Authenticated (Subscriber+) Limited Options Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Options Update vulnerability discovered by Sean Murphy in WordPress Plugin NitroPack versions = 1.17.0...

8.1CVSS7AI score0.00646EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.3 views

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

4.3CVSS8.1AI score0.00271EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/15 12:0 a.m.4 views

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.1CVSS8.3AI score0.00646EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/01/15 12:0 a.m.6 views

PT-2025-1702 · WordPress · Nitropack

Name of the Vulnerable Software and Affected Versions: NitroPack plugin for WordPress versions up to, and including, 1.17.0 Description: The issue arises from a missing capability check in the nitropack rml notification function, allowing authenticated attackers with subscriber access or higher t...

4.3CVSS9.5AI score0.00271EPSS
Exploits0References6
OSV
OSV
added 2024/08/29 3:15 p.m.4 views

CVE-2024-43922

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

9.8CVSS5.8AI score0.00354EPSS
Exploits0References1
NVD
NVD
added 2024/08/29 3:15 p.m.36 views

CVE-2024-43922

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

9.8CVSS0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/08/29 3:2 p.m.22 views

CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

4.8CVSS7.1AI score0.00354EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/08/29 3:2 p.m.38 views

CVE-2024-43922 WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Improper Control of Generation of Code 'Code Injection' vulnerability in NitroPack Inc. NitroPack allows Code Injection.This issue affects NitroPack: from n/a through 1.16.7...

4.8CVSS0.00354EPSS
Exploits0References1
CVE
CVE
added 2024/08/29 3:2 p.m.59 views

CVE-2024-43922

Conforms to MODE C: CVE-2024-43922 affects NitroPack – Caching & Speed Optimization for WordPress. The vulnerability is an unauthenticated code injection via shortcode execution in NitroPack versions up to 1.16.7, allowing code execution by crafting arbitrary shortcodes. Impact is described as Co...

9.8CVSS7.3AI score0.00354EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2024/08/29 12:0 a.m.2 views

WordPress plugin NitroPack 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

9.8CVSS6.9AI score0.00354EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/08/26 8:54 a.m.4 views

WordPress NitroPack plugin <= 1.16.7 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin NitroPack versions = 1.16.7...

9.8CVSS7.1AI score0.00354EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/08/26 12:0 a.m.18 views

WordPress NitroPack Plugin <= 1.16.7 is vulnerable to Broken Access Control

Software NitroPack Type Plugin Vulnerable versions = 1.16.7 Fixed in 1.16.8 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-43922 Patch priority Low CVSS severity Low 4.8 Developer Claim ownership PSID 68fa122dccba Credits Rafie Muhammad Patchstack Require...

9.8CVSS6.6AI score0.00354EPSS
Exploits0References2Affected Software1
WPVulnDB
WPVulnDB
added 2024/01/12 12:0 a.m.11 views

NitroPack < 1.10.0 - Missing Authorization via multiple AJAX functions

Description The plugin is vulnerable to unauthorized access of data, modification of data, and loss of data due to a missing capability check on multiple AJAX function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with subscriber access and above...

6.8AI score
Exploits0References1Affected Software1
OpenVAS
OpenVAS
added 2024/01/08 12:0 a.m.20 views

WordPress NitroPack - Cache & Speed Optimization Plugin < 1.10.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nitropackinc:nitropack"; if description...

8.8CVSS7.2AI score0.00216EPSS
Exploits0References1
NVD
NVD
added 2024/01/05 10:15 a.m.24 views

CVE-2023-52121

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

8.8CVSS6.3AI score0.00216EPSS
Exploits0References1
Prion
Prion
added 2024/01/05 10:15 a.m.12 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

6.8CVSS7.2AI score0.00216EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2024/01/05 9:22 a.m.24 views

CVE-2023-52121 WordPress NitroPack Plugin <= 1.10.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NitroPack Inc. NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images.This issue affects NitroPack – Cache & Speed Optimization for Core Web Vitals, Defer CSS & JavaScript, Lazy load Images: from n/a...

5.4CVSS8.9AI score0.00216EPSS
Exploits0References1
Rows per page
Query Builder