Lucene search
K

12 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 5:40 a.m.5 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS4.3AI score0.00576EPSS
Exploits0References1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.11 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0727 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1a19464c32ce Credits Marco Wotschka...

5.4CVSS6.9AI score0.00322EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.11 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e2bdc56150c0 Credits Marco Wotschka Requir...

5.4CVSS6.8AI score0.00576EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.9 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0729 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 359cb0728a2c Credits Marco Wotschka...

5.4CVSS6.9AI score0.00297EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.13 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0728 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b8b3cf9c9f0d Credits Marco Wotschka...

5.4CVSS6.6AI score0.00314EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.12 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0713 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74dfca7bfe3c Credits Marco Wotschka Requir...

5.4CVSS6.5AI score0.00576EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.15 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0719 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 51b001d8b150 Credits Marco Wotschka Requir...

5.4CVSS6.8AI score0.00601EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.10 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0725 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 70ca913af519 Credits Marco Wotschka...

5.4CVSS6.9AI score0.00308EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.21 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...

5.4CVSS6.8AI score0.00576EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.19 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0724 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ecba55efc7d Credits Marco Wotschka...

5.4CVSS6.9AI score0.00308EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2023/02/08 12:0 a.m.17 views

WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)

Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0730 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a5e4047ba885 Credits Marco Wotschka...

5.4CVSS6.6AI score0.00322EPSS
Exploits0References4Affected Software1
Patchstack
Patchstack
added 2022/01/03 12:0 a.m.16 views

WordPress Wicked Folders plugin <= 2.18.9 - SQL Injection (SQLi) vulnerability

SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Wicked Folders plugin versions = 2.18.9. Solution Update the WordPress Wicked Folders plugin to the latest available version at least 2.18.10...

8.8CVSS2.9AI score0.01517EPSS
Exploits2References3Affected Software1
Rows per page
Query Builder