Lucene search
K

345 matches found

Vulnrichment
Vulnrichment
added 2024/03/25 4:46 a.m.11 views

CVE-2023-33923 Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes

Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne.This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0...

4.3CVSS7AI score0.00503EPSS
Exploits0References3
NVD
NVD
added 2024/02/28 9:15 a.m.28 views

CVE-2024-0767

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.3AI score0.00275EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/02/28 8:33 a.m.28 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS4.7AI score0.00275EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/02/28 8:33 a.m.19 views

CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajaxpluginactivation function. This makes it possible for unauthenticated...

4.3CVSS6.7AI score0.00275EPSS
Exploits0References2
CVE
CVE
added 2024/02/28 8:33 a.m.141 views

CVE-2024-0767

CVE-2024-0767 (Envo's Elementor Templates & Widgets for WooCommerce) is a CSRF in the plugin’s ajax_plugin_activation path that can let unauthenticated attackers activate arbitrary plugins if an admin is tricked into performing an action. The vulnerability affects WordPress installations using th...

4.3CVSS5.3AI score0.00275EPSS
Exploits0References3Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/28 12:0 a.m.9 views

PT-2024-15804 · Envo · Elementor Templates & Widgets For Woocommerce

Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax plugin...

4.3CVSS9.3AI score0.00275EPSS
Exploits0References7
WPVulnDB
WPVulnDB
added 2024/02/27 12:0 a.m.19 views

Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajaxpluginactivation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...

4.3CVSS4.9AI score0.00275EPSS
Exploits0References1Affected Software1
GithubExploit
GithubExploit
added 2024/02/14 11:30 a.m.456 views

Exploit for Missing Authorization in Xlplugins Nextmove

CVE-2024-25092 NextMove Lite 2.18.0 - Subscriber+ Arbitra...

8.8CVSS8.5AI score0.01376EPSS
Exploits3
OSV
OSV
added 2024/01/20 6:15 a.m.3 views

CVE-2024-0679

The ColorMag theme for WordPress is vulnerable to unauthorized access due to a missing capability check on the pluginactioncallback function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to install and...

6.5CVSS7.4AI score0.01301EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2023/12/21 12:0 a.m.12 views

WordPress Ocean Extra Plugin < 2.2.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:oceanwp:oceanextra"; if description...

8.8CVSS7AI score0.00286EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2023/10/10 12:0 a.m.20 views

Futurio Extra < 1.9.1 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.4AI score0.00254EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/10/03 1:15 p.m.6 views

CVE-2023-40201

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

8.8CVSS7.4AI score0.00254EPSS
Exploits0References1
NVD
NVD
added 2023/10/03 1:15 p.m.21 views

CVE-2023-40201

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

8.8CVSS7.3AI score0.00254EPSS
Exploits0References1
Prion
Prion
added 2023/10/03 1:15 p.m.17 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in FuturioWP Futurio Extra plugin = 1.8.4 versions leads to activation of arbitrary plugin...

6.8CVSS8.9AI score0.00254EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2023/10/03 12:0 a.m.5 views

PT-2023-27320 · WordPress · Futurio Extra

Name of the Vulnerable Software and Affected Versions: FuturioWP Futurio Extra plugin versions 1.8.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows the activation of arbitrary plugins. This can be exploited by tricking a user into performing...

8.8CVSS8.9AI score0.00254EPSS
Exploits0References5
WPVulnDB
WPVulnDB
added 2023/09/18 12:0 a.m.12 views

AffiliateWP < 2.14.1 - Subscriber+ Arbitrary Plugin Activation

Description The theme does not have authorisation and CSRF when activating plugins via an AJAX action, allowing any authenticated users, such as subscriber to activate arbitrary plugins...

4.3CVSS6.5AI score0.00321EPSS
Exploits0Affected Software1
OSV
OSV
added 2023/08/30 12:15 p.m.7 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.7AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/08/30 12:15 p.m.4 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.8AI score0.00321EPSS
Exploits0References3Affected Software1
Prion
Prion
added 2023/08/30 12:15 p.m.19 views

Design/Logic Flaw

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4CVSS4.7AI score0.00321EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/08/30 11:29 a.m.7 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.00321EPSS
Exploits0References2
Rows per page
Query Builder