Lucene search
+L

152 matches found

OSV
OSV
added 2024/09/17 6:15 a.m.7 views

CVE-2024-8093

The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00178EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/16 12:0 a.m.8 views

PT-2024-38800 · WordPress · Posts Reminder Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: The Posts reminder WordPress plugin versions 0.20 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could...

6.5CVSS6.8AI score0.00178EPSS
Exploits1References6
OSV
OSV
added 2024/09/12 6:15 a.m.3 views

CVE-2024-7862

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.0019EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.2 views

CVE-2024-7820

The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/09/11 12:0 a.m.10 views

PT-2024-38606 · WordPress · Ilc Thickbox

Name of the Vulnerable Software and Affected Versions: ILC Thickbox WordPress plugin version 1.0 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For ILC...

6.5CVSS6.8AI score0.0019EPSS
Exploits1References7
OSV
OSV
added 2024/09/08 6:15 a.m.6 views

CVE-2024-6856

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00201EPSS
Exploits1References1
OSV
OSV
added 2024/09/08 6:15 a.m.8 views

CVE-2024-6925

The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00214EPSS
Exploits1References1
OSV
OSV
added 2024/09/08 6:15 a.m.9 views

CVE-2024-6852

The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00201EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/09/07 12:0 a.m.4 views

PT-2024-37963 · WordPress · Truebooker

Name of the Vulnerable Software and Affected Versions: The TrueBooker WordPress plugin versions prior to 1.0.3 Description: The issue is related to the lack of a CSRF check when updating settings in the plugin. This could allow attackers to make a logged-in admin change settings via a CSRF attack...

4.3CVSS6.5AI score0.00214EPSS
Exploits1References6
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.6 views

WordPress plugin WP Job Portal 路径遍历漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...

9.8CVSS6.7AI score0.01197EPSS
Exploits0References9
Patchstack
Patchstack
added 2024/08/29 1:6 a.m.8 views

WordPress WP Accessibility Helper plugin <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability

Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin WP Accessibility Helper WAH versions = 0.6.2.8...

5.4CVSS7AI score0.00264EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-5287

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...

7.1CVSS5.8AI score0.00211EPSS
Exploits1References1
OSV
OSV
added 2024/07/13 6:15 a.m.5 views

CVE-2024-3632

The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.8CVSS5.8AI score0.00329EPSS
Exploits1References1
OSV
OSV
added 2024/07/12 6:15 a.m.5 views

CVE-2024-6022

The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

8.8CVSS5.8AI score0.00312EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.11 views

PT-2024-37325 · WordPress · Content Blocks

Name of the Vulnerable Software and Affected Versions: ContentLock WordPress plugin versions 1.0.0 through 1.0.3 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...

8.8CVSS6.9AI score0.00312EPSS
Exploits1References6
OSV
OSV
added 2024/06/14 6:15 a.m.4 views

CVE-2024-3965

The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

5.4CVSS5.8AI score0.00198EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/06/14 12:0 a.m.10 views

PT-2024-32636 · WordPress · Wp Prayer Ii

Name of the Vulnerable Software and Affected Versions: WP Prayer II WordPress plugin versions 2.4.7 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For WP...

4.3CVSS6.5AI score0.00211EPSS
Exploits2References5
CVE
CVE
added 2024/05/23 5:32 a.m.82 views

CVE-2024-3711

CVE-2024-3711 affects the Brizy – Page Builder for WordPress. The flaw enables an unauthorized plugin settings update due to a missing capability check in the functions action_request_disable, action_change_template, and action_request_enable, in all versions up to and including 2.4.43. Consequen...

4.3CVSS4.7AI score0.00343EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2024/05/15 6:15 a.m.4 views

CVE-2024-3405

The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

7.6CVSS5.8AI score0.00258EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/05/10 12:0 a.m.6 views

PT-2024-28484 · WordPress · Recaptcha Jetpack Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: reCAPTCHA Jetpack WordPress plugin versions prior to 0.3 Description: The issue concerns a lack of CSRF check when updating settings, potentially allowing attackers to manipulate a logged-in admin into changing them via a CSRF attack...

8.8CVSS6.8AI score0.00381EPSS
Exploits2References3
Rows per page
Query Builder