6 matches found
WordPress WP-Stateless Plugin <= 3.4.0 is vulnerable to Broken Access Control
Software: WP-Stateless
Type: Plugin
Vulnerable versions: <= 3.4.0
Fixed in: 3.4.1
OWASP Top 10: A5: Broken Access Control
Classification: Broken Access Control
CVE: CVE-2024-1385
Patch priority: Medium
CVSS severity: Medium 7.1
PSID: 12374ce1567e
Credits: Krzysztof Zając
Required...
CVE-2024-1385
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access an...
CVE-2024-1385 WP-Stateless – Google Cloud Storage <= 3.4.0 - Missing Authorization to Limited Arbitrary Options Update
The WP-Stateless – Google Cloud Storage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the dismiss_notices() function in all versions up to, and including, 3.4.0. This makes it possible for authenticated attackers, with subscriber-level access an...
CVE-2024-1385
The CVE refers to WP-Stateless (Google Cloud Storage) for WordPress, with a missing capability check in dismiss_notices() that affects all versions up to 3.4.0. The vulnerability allows authenticated users with subscriber-level access and above to update arbitrary option values to the current tim...
WordPress Plugin WP-Stateless Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
PT-2024-17997 · WordPress · Wp-Stateless
Name of the Vulnerable Software and Affected Versions: WP-Stateless – Google Cloud Storage plugin for WordPress versions up to, and including, 3.4.0
Description: The issue is related to a missing capability check on the dismiss notices function, which allows authenticated attackers with...