CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2024/03/23 3:33 a.m.•8 views

CVE-2024-2326 Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin <= 3.6.3 - Cross-Site Request Forgery to Plugin Settings Update

The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possibl...

4.3CVSS7.1AI score0.00078EPSS

WPVulnDB•added 2024/03/22 12:0 a.m.•16 views

Tracking Code Manager < 2.1.0 -Admin+ Stored Cross-Site Scripting

Description The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS6AI score0.00123EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2024/03/21 5:53 p.m.•23 views

CVE-2024-25907 WordPress WP Media folder plugin <= 5.7.2 - Plugin Settings Change vulnerability

Missing Authorization vulnerability in JoomUnited WP Media folder.This issue affects WP Media folder: from n/a through 5.7.2...

5.4CVSS6.9AI score0.00092EPSS

OSV•added 2024/03/13 4:15 p.m.•1 views

CVE-2024-0829

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 5.0. This is due to missing or incorrect capability checks on several ajax actions. This makes it possible for authenticated attackers, with subscribe...

4.3CVSS5.8AI score0.00132EPSS

OSV•added 2024/03/13 4:15 p.m.•2 views

CVE-2024-0830

The Comments Extra Fields For Post,Pages and CPT plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0. This is due to missing or incorrect nonce validation on several ajax actions. This makes it possible for unauthenticated attackers to invoke...

4.3CVSS5.6AI score

NVD•added 2024/03/13 4:15 p.m.•11 views

CVE-2024-0447

The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, with...

5CVSS4.8AI score0.00162EPSS

OSV•added 2024/03/13 4:15 p.m.•3 views

CVE-2024-0447

5CVSS5.8AI score0.00162EPSS

Prion•added 2024/03/13 4:15 p.m.•15 views

Cross site request forgery (csrf)

4.3CVSS6.7AI score0.00125EPSS

Cvelist•added 2024/03/13 3:27 p.m.•12 views

CVE-2024-0829 Comments Extra Fields For Post,Pages and CPT <= 5.0 - Missing Authorization

4.3CVSS4.7AI score0.00132EPSS

Cvelist•added 2024/03/13 3:27 p.m.•16 views

CVE-2024-0830 Comments Extra Fields For Post,Pages and CPT <= 5.0 - Cross-Site Request Forgery

4.3CVSS4.6AI score0.00125EPSS

Vulnrichment•added 2024/03/05 1:55 a.m.•12 views

CVE-2024-1095 Build & Control Block Patterns – Boost up Gutenberg Editor <= 1.3.5.4 - Missing Authorization

The Build & Control Block Patterns – Boost up Gutenberg Editor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the settingsexport function in all versions up to, and including, 1.3.5.4. This makes it possible for unauthenticated attackers to...

5.3CVSS6.7AI score0.00676EPSS

wpexploit•added 2024/03/05 12:0 a.m.•174 views

Testimonial Slider < 2.3.7 - Author+ Settings Update

Description The plugin does not properly ensure that a user has the necessary capabilities to edit certain sensitive plugin settings, making it possible for users with at least the Author role to edit them. 1 Go to a page where one of the sliders is already in use and intercept the nonce tss 2...

9.5AI score0.00144EPSS

Exploits2References1

WPVulnDB•added 2024/02/28 12:0 a.m.•18 views

BeePress <= 6.9.8 - Cross-Site Request Forgery via beepress-pro.php

Description The BeePress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.9.8. This is due to missing or incorrect nonce validation on multiple functions in the beepress-pro.php. This makes it possible for unauthenticated attackers to modify the...

7.1CVSS6.6AI score0.00052EPSS

WPVulnDB•added 2024/02/26 12:0 a.m.•16 views

ArtiBot Free Chat Bot for WordPress WebSites <= 1.1.6 - Missing Authorization to Settings Update

Description The ArtiBot Free Chat Bot for WordPress WebSites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the artibotupdate function in all versions up to, and including, 1.1.6. This makes it possible for authenticated attackers, wit...

5CVSS6.7AI score0.00162EPSS

NVD•added 2024/02/21 4:15 a.m.•14 views

CVE-2024-1562

The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the executepostdata function in all versions up to, and including, 1.3.11. This makes it possible for unauthenticated attackers to update plugin...

5.3CVSS5.1AI score0.00244EPSS

Vulnrichment•added 2024/02/21 3:36 a.m.•10 views

CVE-2024-1562 WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization

5.3CVSS6.7AI score0.00244EPSS

Cvelist•added 2024/02/21 3:36 a.m.•17 views

CVE-2024-1562 WooCommerce Google Sheet Connector <= 1.3.11 - Missing Authorization

5.3CVSS5.3AI score0.00244EPSS