
18 matches found

Positive Technologies
added 2026/01/31 12:0 a.m., 10 views

PT-2026-5544

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish unpublish popupbox' function that verifies a self-created nonce rather than one submitted in the request. This...

CVSS 4.3, AI score 5.8, EPSS 0.00165
Exploits: 0, References: 5
CNNVD
added 2026/01/31 12:0 a.m., 5 views

WordPress Plugin Popup Box: Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 4.3, AI score 5.7, EPSS 0.00165
Exploits: 0, References: 5
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2018-0235

Malware in sbrugna...

CVSS 7.5, AI score 7.7, EPSS 0.01123
Exploits: 0, References: 5
RedhatCVE
added 2025/05/23 8:55 a.m., 6 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 5.5, EPSS 0.0033
Exploits: 0, References: 1
ATTACKERKB
added 2024/07/02 8:15 a.m., 5 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 6, EPSS 0.0033
Exploits: 0, References: 3
OSV
added 2024/07/02 8:15 a.m., 4 views

CVE-2024-5545

The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...

CVSS 5.3, AI score 5.9, EPSS 0.0033
Exploits: 0, References: 2
NVD
added 2024/03/25 5:15 a.m., 9 views

CVE-2024-1231

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...

CVSS 6.8, AI score 6.4, EPSS 0.00225
Exploits: 2, References: 1
OSV
added 2024/03/25 5:15 a.m., 2 views

CVE-2024-1231

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...

CVSS 6.8, AI score 7.3, EPSS 0.00225
Exploits: 2, References: 1
Vulnrichment
added 2024/03/25 5:0 a.m., 13 views

CVE-2024-1231 CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...

AI score 6.3, EPSS 0.00225
Exploits: 2, References: 1
Cvelist
added 2024/03/25 5:0 a.m., 18 views

CVE-2024-1231 CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...

AI score 6.6, EPSS 0.00225
Exploits: 2, References: 1
WPVulnDB
added 2024/03/04 12:0 a.m., 14 views

CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. PoC: Make an admin open the URL below: https://example.com/cmdownload/unpublish/id/...

AI score 6.4, EPSS 0.00225
Exploits: 2, Affected Software: 1
wpexploit
added 2024/03/04 12:0 a.m., 147 views

CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. Make an admin open the URL below: https://example.com/cmdownload/unpublish/id/...

AI score 6.7, EPSS 0.00225
Exploits: 2
OSV
added 2022/08/25 11:15 p.m., 6 views

CVE-2022-36118

An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes...

CVSS 5.3, AI score 5.8, EPSS 0.00639
Exploits: 0, References: 3
OSV
added 2018/10/03 8:27 p.m., 17 views

GHSA-646X-M363-9RH4 node-opensl is malware

The node-opensl package is a piece of malware that steals environment variables and sends them to attacker-controlled locations. All versions have been unpublished from the npm registry. Recommendation: As this package is malware, if you find it installed in your environment, the real security...

CVSS 7.5, AI score 7.6, EPSS 0.01123
Exploits: 0, References: 3
Prion
added 2018/06/07 2:29 a.m., 12 views

Code injection

proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...

CVSS 5, AI score 7.4, EPSS 0.01123
Exploits: 0, References: 1
CNVD
added 2015/04/23 12:0 a.m., 2 views

Drupal Patterns Module Cross-Site Request Forgery Vulnerability

Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Patterns is one of the modules that builds around bottlenecks by managing and automating site configurations stored in XML or YAML schema. A cross-site request forgery vulnerability...

CVSS 6.8, AI score 6.9, EPSS 0.00656
Exploits: 0, References: 1
Prion
added 2015/04/21 4:59 p.m., 16 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors...

CVSS 6.8, AI score 7.7, EPSS 0.00656
Exploits: 0, References: 4, Affected Software: 1
NVD
added 2012/09/20 3:46 a.m., 15 views

CVE-2012-1631

Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors...

CVSS 6.8, AI score 7.2, EPSS 0.00643
Exploits: 0, References: 5