11 matches found

RedhatCVE
added 2025/02/05 11:0 p.m. | 12 views

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVSS 7.5 | AI score 6.2 | EPSS 0.09105
Exploits 2 | References 1

Wallarm Lab
added 2023/08/12 1:45 p.m. | 14 views

2023 OWASP Top-10 Series: API3:2023 Broken Object Property Level Authorization

Welcome to the 4th post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a particular focus on security practitioners. This post will focus on API3:2023 Broken Object Property Level Authorization. In this series we are taking an in-depth look at each category – the detail...

AI score 6.8
Exploits 0

Veracode
added 2023/02/16 7:9 a.m. | 28 views

Improper Certificate Validation

cloudconnectlib is vulnerable to Improper Certificate Validation. Requests to third-party APIs through the REST API Modular Input allows a remote attacker to downgrade the API request to HTTP after a connection over HTTPS fails when the REST API Modular Input functionality is used through its use...

CVSS 5.3 | AI score 5.6 | EPSS 0.00315
Exploits 0 | References 4 | Affected Software 1

Prion
added 2023/02/14 6:15 p.m. | 17 views

Design/Logic Flaw

In Splunk Add-on Builder AoB versions below 4.1.2 and the Splunk CloudConnect SDK versions below 3.1.3, requests to third-party APIs through the REST API Modular Input incorrectly revert to using HTTP to connect after a failure to connect over HTTPS occurs...

CVSS 5 | AI score 5.2 | EPSS 0.00315
Exploits 0 | References 1 | Affected Software 2

NVD
added 2022/05/10 8:15 p.m. | 20 views

CVE-2022-1442

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVSS 7.5 | EPSS 0.09105
Exploits 2 | References 3

Vulnrichment
added 2022/05/10 7:30 p.m. | 8 views

CVE-2022-1442 Metform Elementor Contact Form Builder <= 2.1.3 - Sensitive Information Disclosure

The Metform WordPress plugin is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs like that of PayPal, Stripe,...

CVSS 7.5 | AI score 7 | EPSS 0.09105
Exploits 2 | References 3

CVE
added 2022/05/10 7:30 p.m. | 2255 views

CVE-2022-1442

CVE-2022-1442 affects the WordPress Metform plugin up to version 2.1.3. The vulnerability stems from improper access control in the ~/core/forms/action.php file, allowing an unauthenticated attacker to view API keys and secrets for multiple integrated third‑party services (e.g., PayPal, Stripe, M...

CVSS 7.5 | AI score 7.2 | EPSS 0.09105
Exploits 2 | References 3 | Affected Software 1

WPVulnDB
added 2022/04/23 12:0 a.m. | 18 views

Metform Elementor Contact Form Builder < 2.1.4 - Unauthenticated API keys and Secrets Disclosure

The is vulnerable to sensitive information disclosure due to improper access control in the /core/forms/action.php file which can be exploited by an unauthenticated attacker to view all API keys and secrets of integrated third-party APIs such as PayPal, Stripe, Mailchimp, Hubspot, HelpScout,...

CVSS 7.5 | AI score 1.2 | EPSS 0.09105
Exploits 2 | References 1 | Affected Software 1

ThreatPost
added 2020/12/23 5:11 p.m. | 289 views

Third-Party APIs: How to Prevent Enumeration Attacks

When organizations use APIs – the next frontier in cybercrime – to engage with third parties, it’s crucial they understand the associated security exposure they’re introducing. To do so, they must think like a hacker to evaluate whether or not they are introducing a problem or a solution for thei...

AI score 0.7
Exploits 0 | References 3

Trend Micro Simply Security
added 2017/06/09 1:0 p.m. | 18 views

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

AI score 6.8
Exploits 0

Akamai Blog
added 2017/04/27 5:12 p.m. | 15 views

The State of Mobile App Performance

In our previous blog, we saw how a new generation of users are increasing the expectations of a mobile app like never before and identified the three key success criteria for mobile apps: 1 increase customer conversions, 2 drive installs and 3 increase customer loyalty. For this blog we profiled...

AI score 6.7
Exploits 0