Lucene search
+L

112 matches found

wpexploit
wpexploit
added 2023/02/14 12:0 a.m.501 views

Ocean Extra < 2.1.3 - Subscriber+ Arbitrary Post Content Disclosure

The plugin does not ensure that the template to be loaded via a shortcode is actually a template, allowing any authenticated users such as subscriber to retrieve the content of arbitrary posts, such as draft, private or even password protected ones. Note: This requires the OceanWP theme to be...

6.5CVSS7AI score0.00654EPSS
Exploits2
NVD
NVD
added 2022/12/04 11:15 p.m.27 views

CVE-2022-35730

Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...

6.5CVSS0.00234EPSS
Exploits0References1
OSV
OSV
added 2022/12/04 11:15 p.m.3 views

CVE-2022-35730

Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...

6.5CVSS5.8AI score
Exploits0References1
Prion
Prion
added 2022/12/04 11:15 p.m.10 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...

4.3CVSS6.6AI score0.00234EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2022/12/04 10:35 p.m.8 views

CVE-2022-35730 WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...

4.3CVSS6.7AI score0.00234EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/12/04 10:35 p.m.34 views

CVE-2022-35730 WordPress Oceanwp sticky header plugin <= 1.0.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Oceanwp sticky header plugin = 1.0.8 on WordPress...

4.3CVSS6.8AI score0.00234EPSS
Exploits0References1
CVE
CVE
added 2022/12/04 10:35 p.m.58 views

CVE-2022-35730

CVE-2022-35730 affects the WordPress Oceanwp sticky header plugin: versions ≤ 1.0.8 are without CSRF protections in multiple areas, enabling CSRF-style actions by authenticated users. The vulnerability’s documentation notes remediation by upgrading to a version newer than 1.0.8, though Patchstack...

6.5CVSS5.5AI score0.00234EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2022/12/04 12:0 a.m.5 views

WordPress plugin Oceanwp sticky header 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

6.5CVSS6.3AI score0.00234EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2022/12/04 12:0 a.m.6 views

PT-2022-22953 · WordPress · Oceanwp Sticky Header Plugin

Name of the Vulnerable Software and Affected Versions: Oceanwp sticky header plugin version 1.0.8 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Oceanwp sticky header plugin on WordPress. This issue allows for malicious requests to be made on behalf of the user witho...

6.5CVSS6.4AI score0.00234EPSS
Exploits0References4
Patchstack
Patchstack
added 2022/09/27 12:0 a.m.54 views

WordPress Oceanwp sticky header plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to a header style change discovered by Rasi Afeef Patchstack Alliance in WordPress Oceanwp sticky header plugin versions = 1.0.8. Solution No patched version is available. No reply from the vendor...

2.6AI score0.00234EPSS
Exploits0Affected Software1
OSV
OSV
added 2022/06/20 11:15 a.m.6 views

CVE-2021-25104

The Ocean Extra WordPress plugin before 1.9.5 does not escape generated links which are then used when the OceanWP is active, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS5.8AI score0.01388EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2022/05/24 12:0 a.m.28 views

Ocean Extra < 1.9.5 - Reflected Cross-Site Scripting

The plugin does not escape generated links which are then used when the OceanWP theme is active, leading to a Reflected Cross-Site Scripting issue PoC https://example.com/wp-admin/?step=demo=owpsetup"...

6.1CVSS0.3AI score0.01388EPSS
Exploits2Affected Software1
Rows per page
Query Builder