Lucene search
K

8 matches found

Vulnrichment
Vulnrichment
added 2024/08/05 6:0 a.m.16 views

CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

6.9AI score0.00261EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/08/05 6:0 a.m.36 views

CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

0.00261EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/07/03 6:0 a.m.26 views

CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

The allows any authenticated user to join a private group due to a missing authorization check on a function...

0.00374EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.14 views

CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR

The allows any authenticated user to join a private group due to a missing authorization check on a function...

6.7AI score0.00374EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/07/03 6:0 a.m.22 views

CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section

The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...

7.2AI score0.00193EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.14 views

Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS

Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

5.5AI score0.00335EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2024/06/12 12:0 a.m.130 views

Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack The PoC will be displayed on June 26, 2024, to give users the time to update...

6.7AI score0.00193EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/06/12 12:0 a.m.21 views

Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF

Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...

6.4AI score0.00193EPSS
Exploits2Affected Software1
Rows per page
Query Builder