Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:19 p.m.14 views

CVE-2022-1758

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings...

8.8CVSS5.9AI score0.00597EPSS
Exploits2References1
CNVD
CNVD
added 2022/06/15 12:0 a.m.26 views

WordPress Genki Pre-Publish Reminder plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

8.8CVSS8.5AI score0.00597EPSS
Exploits2References1
NVD
NVD
added 2022/06/13 1:15 p.m.25 views

CVE-2022-1758

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings...

8.8CVSS0.00597EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/06/13 1:15 p.m.7 views

CVE-2022-1758

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings...

8.8CVSS5.9AI score0.00597EPSS
Exploits2References2
Prion
Prion
added 2022/06/13 1:15 p.m.24 views

Cross site request forgery (csrf)

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings...

6.8CVSS8.2AI score0.00597EPSS
Exploits2References1Affected Software1
Cvelist
Cvelist
added 2022/06/13 12:42 p.m.25 views

CVE-2022-1758 Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings...

8.3AI score0.00597EPSS
Exploits2References1
CVE
CVE
added 2022/06/13 12:42 p.m.106 views

CVE-2022-1758

CVE-2022-1758 affects the WordPress plugin Genki Pre-Publish Reminder (versions

8.8CVSS8.3AI score0.00597EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2022/05/23 12:0 a.m.17 views

Genki Pre-Publish Reminder <= 1.4.1 - Stored XSS & RCE via CSRF

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings. PoC...

8.8CVSS4.4AI score0.00597EPSS
Exploits2Affected Software1
Patchstack
Patchstack
added 2022/05/23 12:0 a.m.34 views

WordPress Genki Pre-Publish Reminder plugin <= 1.4.1 - Stored XSS and RCE via CSRF vulnerability

Stored XSS and RCE via CSRF vulnerability discovered by Daniel Ruf in WordPress Genki Pre-Publish Reminder plugin versions = 1.4.1. Solution Deactivate and delete. This plugin has been closed as of May 17, 2022 and is not available for download. This closure is temporary, pending a full review...

8.8CVSS4.1AI score0.00597EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder