21 matches found
CVE-2023-0728
CVE-2023-0728 (Wicked Folders, WordPress): The WordPress Wicked Folders plugin versions up to and including 2.18.16 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the ajax_save_folder function. This allows unauthenticated attackers to trigger the functi...
CVE-2023-0723
CVE-2023-0723 describes a Cross-Site Request Forgery in the WordPress Wicked Folders plugin up to version 2.18.16, caused by missing/incorrect nonce validation on the ajax_move_object function. This allows unauthenticated attackers to induce actions on behalf of an administrator (e.g., altering f...
CVE-2023-0711
CVE-2023-0711 affects the Wicked Folders WordPress plugin up to version 2.18.16, where a missing capability check in the ajax_save_state function allows authorization bypass by authenticated users with subscriber-level permissions or higher, enabling actions typically reserved for administrators ...
CVE-2023-0719
Summary (CVE-2023-0719): The Wicked Folders WordPress plugin (versions ≤ 2.18.16) is vulnerable to broken access control due to a missing capability check in the ajax_save_sort_order function. This allows authenticated users with subscriber-level permissions and above to invoke administrator-lev...
CVE-2023-0730
Summary (CVE-2023-0730): The Wicked Folders WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the ajax_save_folder_order function, affecting versions up to and including 2.18.16. This enables unauthenticated attackers to trigger admin action...
CVE-2023-0718
The CVE-2023-0718 entry relates to the Wicked Folders WordPress plugin. A missing capability check in the ajax_save_folder function (affected versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions and above to perform administrator-level actions such as...
CVE-2023-0712
The CVE-2023-0712 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_move_object function allows authenticated users with subscriber-level permissions and above to bypass authorization and perform administrator-level actions (e.g., modifying the plugin’s fo...
CVE-2023-0684
The CVE refers to the Wicked Folders WordPress plugin. A missing capability check in the ajax_unassign_folders function (affecting versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions or higher to perform administrator-level actions such as changing t...
CVE-2023-0715
CVE-2023-0715 affects the WordPress plugin Wicked Folders up to version 2.18.16. The root cause is a missing capability check in the ajax_clone_folder function, enabling authenticated users with subscriber-level permissions and above to perform administrator-level actions, such as modifying the ...
CVE-2023-0727
The CVE-2023-0727 entry affects the Wicked Folders WordPress plugin (versions
CVE-2023-0724
CVE-2023-0724 affects the Wicked Folders WordPress plugin (versions
CVE-2023-0685
CVE-2023-0685 concerns the Wicked Folders WordPress plugin. The vulnerability is Cross-Site Request Forgery due to missing or incorrect nonce validation in the ajax_unassign_folders function, affecting versions up to and including 2.18.16. This could allow unauthenticated attackers to trigger adm...
CVE-2023-0716
CVE-2023-0716: The Wicked Folders WordPress plugin up to version 2.18.16 is affected by broken access control due to a missing capability check in the ajax_edit_folder function. This allows authenticated users with subscriber permissions and above to perform administrator-level actions (modifyin...
CVE-2023-0720
The CVE-2023-0720 entry concerns the Wicked Folders WordPress plugin. A missing capability check in ajax_save_folder_order in versions up to and including 2.18.16 enables authorization bypass for authenticated users with subscriber-level or higher privileges, allowing actions intended for adminis...
CVE-2023-0726
The CVE-2023-0726 entry concerns the Wicked Folders WordPress plugin. Technical details across connected sources show a Cross-Site Request Forgery (CSRF) flaw in versions up to 2.18.16 caused by missing or incorrect nonce validation in the ajax_edit_folder function, enabling unauthenticated attac...
CVE-2023-0713
CVE-2023-0713 affects the WordPress Wicked Folders plugin. The root cause is a missing capability check on the ajax_add_folder function, enabling an authenticated user with subscriber-level permissions or higher to perform administrator-level actions (modify the plugin’s folder structure). The vu...
CVE-2023-0722
CVE-2023-0722 affects the WordPress plugin Wicked Folders. A CSRF vulnerability arises from missing/incorrect nonce validation in the ajax_save_state function, allowing unauthenticated attackers to trick an admin into performing actions (e.g., altering folder structure) via forged requests. Affec...
CVE-2023-0725
CVE-2023-0725: WordPress Wicked Folders plugin
CVE-2023-0717
The CVE-2023-0717 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_delete_folder function in versions up to and including 2.18.16 allows authenticated users with subscriber-level permissions and above to perform administrator-only actions (modifying the f...
CVE-2023-0729
The CVE-2023-0729 entry details a CSRF vulnerability in the Wicked Folders WordPress plugin up to version 2.18.16 due to missing or incorrect nonce validation in the ajax_save_sort_order function. This allows unauthenticated attackers to trigger admin actions via forged requests if the site admin...
CVE-2021-24919
Summary: CVE-2021-24919 affects the WordPress Wicked Folders plugin, where the wicked_folders_save_sort_order AJAX action uses the folder_id parameter in an SQL statement without proper sanitization/escaping, enabling SQL injection for authenticated users. Affected versions are before 2.8.10 (per...