Lucene search
K

8 matches found

Positive Technologies
Positive Technologies
added 2025/11/11 12:0 a.m.6 views

PT-2025-46266

Name of the Vulnerable Software and Affected Versions Crypto plugin for WordPress versions prior to 2.23 Description The software is susceptible to information exposure due to an unauthenticated AJAX action, wp ajax nopriv crypto connect ajax process, which allows calling the register and savenft...

5.3CVSS7AI score0.00331EPSS
Exploits0References7
NVD
NVD
added 2024/10/16 7:15 a.m.14 views

CVE-2020-36838

The Facebook Chat Plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxupdateoptions function in versions up to, and including, 1.5. This flaw makes it possible for low-level authenticated attackers to connect their own Facebook Messenger accou...

7.4CVSS0.00339EPSS
Exploits0References2
NVD
NVD
added 2023/06/07 1:15 p.m.20 views

CVE-2021-4380

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

9.8CVSS9.5AI score0.04528EPSS
Exploits1References4
Prion
Prion
added 2023/06/07 1:15 p.m.17 views

Authorization

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

7.5CVSS9.3AI score0.04528EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2023/06/07 12:43 p.m.87 views

CVE-2021-4380

CVE-2021-4380 affects the Pinterest Automatic plugin for WordPress. The vulnerability is an authorization bypass caused by missing capability checks in the function wp_pinterest_automatic_parse_request and in process_form.php, allowing unauthenticated attackers to update arbitrary WordPress optio...

9.8CVSS9.2AI score0.04528EPSS
Exploits1References4Affected Software1
Cvelist
Cvelist
added 2023/06/07 12:43 p.m.54 views

CVE-2021-4380 Pinterest Automatic <= 4.14.3 - Unuathenticated Arbitrary Options Update

The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...

9.8CVSS9.6AI score0.04528EPSS
Exploits1References4
OSV
OSV
added 2021/11/16 5:4 p.m.18 views

GHSA-X7J7-QP7J-HW3Q Cross-site scripting (XSS) from writer field content in the site frontend

Impact Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting XSS attacks, otherwise the formatting would be lost. Cross-site scripting XSS is a type of vulnerability that...

5.4CVSS6AI score0.00898EPSS
Exploits0References5
Fedora
Fedora
added 2020/05/26 3:14 a.m.14 views

[SECURITY] Fedora 32 Update: netdata-1.22.1-3.fc32

netdata is the fastest way to visualize metrics. It is a resource efficient, highly optimized system for collecting and visualizing any type of realtime time-series data, from CPU usage, disk activity, SQL queries, API calls, web site visitors, etc. netdata tries to visualize the truth of now, in...

1.4AI score
Exploits0
Rows per page
Query Builder