Lucene search
K

68 matches found

ATTACKERKB
ATTACKERKB
added 2024/10/16 7:15 a.m.3 views

CVE-2023-7286

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the editusers capability to access metadata of other users, this includes contributor-level users and above...

6.5CVSS5.4AI score0.00421EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/10/16 6:43 a.m.33 views

CVE-2023-7286 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the editusers capability to access metadata of other users, this includes contributor-level users and above...

6.5CVSS0.00421EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/10/16 6:43 a.m.13 views

CVE-2023-7286 ACF Quick Edit Fields <= 3.2.2 - Authenticated (Contributor+) Insecure Direct Object Reference

The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2. This makes it possible for attackers without the editusers capability to access metadata of other users, this includes contributor-level users and above...

6.5CVSS6.9AI score0.00421EPSS
Exploits0References3
CVE
CVE
added 2024/10/16 6:43 a.m.45 views

CVE-2023-7286

The WordPress plugin ACF Quick Edit Fields (≤ 3.2.2) is affected by an Insecure Direct Object Reference issue that allows authenticated users with Contributor+ privileges to access metadata of other users without the edit_users capability. Root cause: insecure access to user metadata via the plug...

6.5CVSS6.3AI score0.00421EPSS
Exploits0References3
OSV
OSV
added 2024/03/06 10:53 a.m.18 views

BIT-DRUPAL-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References2
Prion
Prion
added 2022/08/16 7:15 p.m.14 views

Cross site scripting

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument posttitle with the input leads to cross si...

5.8CVSS6AI score0.0047EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2022/05/14 1:36 a.m.4 views

MODX Revolution allows XSS via document resources

MODX Revolution through v2.7.0-pl allows XSS via a document resource such as pagetitle, which is mishandled during an Update action, a Quick Edit action, or the viewing of manager logs...

6.1CVSS5.9AI score0.00861EPSS
Exploits1References5Affected Software1
OpenVAS
OpenVAS
added 2022/03/18 12:0 a.m.24 views

Drupal Information Disclosure Vulnerability (SA-CORE-2022-004) - Windows

Drupal is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2022/03/18 12:0 a.m.20 views

Drupal Information Disclosure Vulnerability (SA-CORE-2022-004) - Linux

Drupal is prone to an information disclosure vulnerability. Copyright C 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; y...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2022/03/04 12:0 a.m.6 views

The vulnerability of the Quick Edit module in the Drupal content management system allows a hacker to access confidential information.

The vulnerability of the Quick Edit module in the Drupal content management system is related to improper access restrictions in the Quick Edit module itself. Exploiting this vulnerability could allow attackers to gain access to confidential information...

4.3CVSS6.5AI score0.00757EPSS
Exploits0References5Affected Software2
Redos
Redos
added 2022/02/25 12:0 a.m.53 views

ROS-20220225-02

Vulnerability in the Drupal content management system, related to incorrect access restrictions in the in the quick edit module. Exploitation of the vulnerability could allow an attacker acting remotely, to view content restricted by other means A vulnerability in Drupal's content management...

7.5CVSS6.6AI score0.01247EPSS
Exploits0
Github Security Blog
Github Security Blog
added 2022/02/18 12:0 a.m.26 views

Incorrect authorization in Drupal core

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS4.9AI score0.00757EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/02/18 12:0 a.m.47 views

GHSA-73Q4-J324-2QCC Incorrect authorization in Drupal core

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.3AI score0.00757EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2022/02/18 12:0 a.m.88 views

Drupal 9.3.x < 9.3.6 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...

7.5CVSS7AI score0.01247EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/02/18 12:0 a.m.39 views

Drupal 9.2.x < 9.2.13 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...

7.5CVSS7AI score0.01247EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2022/02/18 12:0 a.m.138 views

Drupal 7.x < 7.88 Multiple Vulnerabilities

According to its self-reported version, the instance of Drupal running on the remote web server is 7.x prior to 7.88, 9.2.x prior to 9.2.13, or 9.3.x prior to 9.3.6. It is, therefore, affected by multiple vulnerabilities: - The Quick Edit module does not properly check entity access in some...

7.5CVSS7AI score0.01247EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2022/02/17 12:15 a.m.1 views

CVE-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.6AI score0.00757EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2022/02/17 12:15 a.m.22 views

CVE-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS6.3AI score
Exploits0References1
NVD
NVD
added 2022/02/17 12:15 a.m.20 views

CVE-2022-25270

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

6.5CVSS0.00757EPSS
Exploits0References1
Prion
Prion
added 2022/02/17 12:15 a.m.14 views

Design/Logic Flaw

The Quick Edit module does not properly check entity access in some circumstances. This could result in users with the "access in-place editing" permission viewing some content they are are not authorized to access. Sites are only affected if the QuickEdit module which comes with the Standard...

4CVSS6.4AI score0.00757EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder