Lucene search
K

8 matches found

NVD
NVD
added 2023/12/18 8:15 p.m.25 views

CVE-2023-5882

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...

8.8CVSS0.0055EPSS
Exploits2References1
Prion
Prion
added 2023/12/18 8:15 p.m.21 views

Remote code execution

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...

6.8CVSS7.9AI score0.0055EPSS
Exploits2References1Affected Software2
Cvelist
Cvelist
added 2023/12/18 8:8 p.m.29 views

CVE-2023-5882 WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...

9.2AI score0.0055EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/12/18 8:8 p.m.11 views

CVE-2023-5882 WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF

The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...

7.9AI score0.0055EPSS
Exploits2References1
CVE
CVE
added 2022/12/12 5:54 p.m.62 views

CVE-2022-4004

Affected software: Donation Button WordPress plugin, versions through 4.0.0. Vulnerability: the AJAX action donation_button_twilio_send_test_sms does not properly enforce privileges or nonce checks. Impact: any logged-in user on the site (e.g., subscribers) could use the plugin’s Twilio integrati...

4.3CVSS4.7AI score0.00486EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/11/16 12:0 a.m.16 views

Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam

The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. PoC While...

4.3CVSS2.5AI score0.00486EPSS
Exploits2Affected Software1
Tenable Nessus
Tenable Nessus
added 2021/04/30 12:0 a.m.47 views

EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)

According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...

9.8CVSS7.4AI score0.40982EPSS
Exploits0References8
FreeBSD
FreeBSD
added 2019/11/05 12:0 a.m.33 views

squid -- Vulnerable to HTTP Digest Authentication

Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...

7.5CVSS1.2AI score0.40982EPSS
Exploits0References2
Rows per page
Query Builder