12 matches found
CVE-2023-0713
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajaxaddfolder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0727 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 1a19464c32ce Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0716 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID e2bdc56150c0 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0729 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 359cb0728a2c Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0728 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b8b3cf9c9f0d Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0713 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 74dfca7bfe3c Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0719 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID 51b001d8b150 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0725 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 70ca913af519 Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Broken Access Control
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-0717 Patch priority Medium CVSS severity Medium 5.4 Developer Claim ownership PSID db3e0ac8c3e4 Credits Marco Wotschka Requir...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0724 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 4ecba55efc7d Credits Marco Wotschka...
WordPress Wicked Folders Plugin <= 2.18.16 is vulnerable to Cross Site Request Forgery (CSRF)
Software Wicked Folders Type Plugin Vulnerable versions = 2.18.16 Fixed in 2.18.17 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-0730 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID a5e4047ba885 Credits Marco Wotschka...
WordPress Wicked Folders plugin <= 2.18.9 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by Krzysztof Zając in WordPress Wicked Folders plugin versions = 2.18.9. Solution Update the WordPress Wicked Folders plugin to the latest available version at least 2.18.10...