Lucene search
Wickedplugins Wicked Folders

21 matches found

CVE
added 2023/02/07 9:5 p.m. | 65 views

CVE-2023-0728

CVE-2023-0728 (Wicked Folders, WordPress): The WordPress Wicked Folders plugin versions up to and including 2.18.16 are vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the ajax_save_folder function. This allows unauthenticated attackers to trigger the functi...

5.4 CVSS | 4.7 AI score | 0.00314 EPSS

CVE
added 2023/02/07 10:57 p.m. | 64 views

CVE-2023-0723

CVE-2023-0723 describes a Cross-Site Request Forgery in the WordPress Wicked Folders plugin up to version 2.18.16, caused by missing/incorrect nonce validation on the ajax_move_object function. This allows unauthenticated attackers to induce actions on behalf of an administrator (e.g., altering f...

5.4 CVSS | 4.7 AI score | 0.00322 EPSS

CVE
added 2023/02/08 1:10 a.m. | 62 views

CVE-2023-0711

CVE-2023-0711 affects the Wicked Folders WordPress plugin up to version 2.18.16, where a missing capability check in the ajax_save_state function allows authorization bypass by authenticated users with subscriber-level permissions or higher, enabling actions typically reserved for administrators ...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/07 10:56 p.m. | 62 views

CVE-2023-0719

Summary (CVE-2023-0719): The Wicked Folders WordPress plugin (versions ≤ 2.18.16) is vulnerable to broken access control due to a missing capability check in the ajax_save_sort_order function. This allows authenticated users with subscriber-level permissions and above to invoke administrator-lev...

5.4 CVSS | 4.7 AI score | 0.00601 EPSS

CVE
added 2023/02/07 10:50 p.m. | 62 views

CVE-2023-0730

Summary (CVE-2023-0730): The Wicked Folders WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the ajax_save_folder_order function, affecting versions up to and including 2.18.16. This enables unauthenticated attackers to trigger admin action...

5.4 CVSS | 4.7 AI score | 0.00322 EPSS

CVE
added 2023/02/07 11:7 p.m. | 59 views

CVE-2023-0718

The CVE-2023-0718 entry relates to the Wicked Folders WordPress plugin. A missing capability check in the ajax_save_folder function (affected versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions and above to perform administrator-level actions such as...

5.4 CVSS | 4.7 AI score | 0.00588 EPSS

CVE
added 2023/02/07 10:57 p.m. | 57 views

CVE-2023-0712

The CVE-2023-0712 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_move_object function allows authenticated users with subscriber-level permissions and above to bypass authorization and perform administrator-level actions (e.g., modifying the plugin’s fo...

5.4 CVSS | 4.7 AI score | 0.00601 EPSS

CVE
added 2023/02/08 1:12 a.m. | 55 views

CVE-2023-0684

The CVE refers to the Wicked Folders WordPress plugin. A missing capability check in the ajax_unassign_folders function (affecting versions up to and including 2.18.16) allows authenticated users with subscriber-level permissions or higher to perform administrator-level actions such as changing t...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/08 1:11 a.m. | 55 views

CVE-2023-0715

CVE-2023-0715 affects the WordPress plugin Wicked Folders up to version 2.18.16. The root cause is a missing capability check in the ajax_clone_folder function, enabling authenticated users with subscriber-level permissions and above to perform administrator-level actions, such as modifying the ...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/07 10:49 p.m. | 55 views

CVE-2023-0727

The CVE-2023-0727 entry affects the Wicked Folders WordPress plugin (versions

5.4 CVSS | 4.7 AI score | 0.00322 EPSS

CVE
added 2023/02/08 1:4 a.m. | 54 views

CVE-2023-0724

CVE-2023-0724 affects the Wicked Folders WordPress plugin (versions

5.4 CVSS | 4.7 AI score | 0.00308 EPSS

CVE
added 2023/02/08 1:3 a.m. | 53 views

CVE-2023-0685

CVE-2023-0685 concerns the Wicked Folders WordPress plugin. The vulnerability is Cross‑Site Request Forgery due to missing or incorrect nonce validation in the ajax_unassign_folders function, affecting versions up to and including 2.18.16. This could allow unauthenticated attackers to trigger adm...

5.4 CVSS | 4.7 AI score | 0.00308 EPSS

CVE
added 2023/02/08 1:2 a.m. | 53 views

CVE-2023-0716

CVE-2023-0716: The Wicked Folders WordPress plugin up to version 2.18.16 is affected by broken access control due to a missing capability check in the ajax_edit_folder function. This allows authenticated users with subscriber permissions and above to perform administrator-level actions (modifyin...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/08 1:3 a.m. | 53 views

CVE-2023-0720

The CVE-2023-0720 entry concerns the Wicked Folders WordPress plugin. A missing capability check in ajax_save_folder_order in versions up to and including 2.18.16 enables authorization bypass for authenticated users with subscriber-level or higher privileges, allowing actions intended for adminis...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/08 1:13 a.m. | 52 views

CVE-2023-0726

The CVE-2023-0726 entry concerns the Wicked Folders WordPress plugin. Technical details across connected sources show a Cross-Site Request Forgery (CSRF) flaw in versions up to 2.18.16 caused by missing or incorrect nonce validation in the ajax_edit_folder function, enabling unauthenticated attac...

5.4 CVSS | 4.7 AI score | 0.00308 EPSS

CVE
added 2023/02/07 9:5 p.m. | 49 views

CVE-2023-0713

CVE-2023-0713 affects the WordPress Wicked Folders plugin. The root cause is a missing capability check on the ajax_add_folder function, enabling an authenticated user with subscriber-level permissions or higher to perform administrator-level actions (modify the plugin’s folder structure). The vu...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/02/08 1:12 a.m. | 46 views

CVE-2023-0722

CVE-2023-0722 affects the WordPress plugin Wicked Folders. A CSRF vulnerability arises from missing/incorrect nonce validation in the ajax_save_state function, allowing unauthenticated attackers to trick an admin into performing actions (e.g., altering folder structure) via forged requests. Affec...

5.4 CVSS | 4.7 AI score | 0.00308 EPSS

CVE
added 2023/02/08 1:8 a.m. | 44 views

CVE-2023-0725

CVE-2023-0725: WordPress Wicked Folders plugin

5.4 CVSS | 4.7 AI score | 0.00308 EPSS

CVE
added 2023/02/08 1:9 a.m. | 42 views

CVE-2023-0717

The CVE-2023-0717 entry concerns the Wicked Folders WordPress plugin. A missing capability check in the ajax_delete_folder function in versions up to and including 2.18.16 allows authenticated users with subscriber-level permissions and above to perform administrator-only actions (modifying the f...

5.4 CVSS | 4.7 AI score | 0.00576 EPSS

CVE
added 2023/06/09 5:33 a.m. | 39 views

CVE-2023-0729

The CVE-2023-0729 entry details a CSRF vulnerability in the Wicked Folders WordPress plugin up to version 2.18.16 due to missing or incorrect nonce validation in the ajax_save_sort_order function. This allows unauthenticated attackers to trigger admin actions via forged requests if the site admin...

5.4 CVSS | 4.3 AI score | 0.00297 EPSS

CVE
added 2022/02/01 12:21 p.m. | 36 views

CVE-2021-24919

Summary: CVE-2021-24919 affects the WordPress Wicked Folders plugin, where the wicked_folders_save_sort_order AJAX action uses the folder_id parameter in an SQL statement without proper sanitization/escaping, enabling SQL injection for authenticated users. Affected versions are before 2.8.10 (per...

8.8 CVSS | 8.9 AI score | 0.01517 EPSS