Wicked Folders Security Vulnerabilities and Issues — Wicked Folders CVE List

Lucene search

WickedpluginsWicked Folders

20 matches found

CVE•added 2023/02/07 11:15 p.m.•49 views

CVE-2023-0719

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke ...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/07 11:15 p.m.•48 views

CVE-2023-0730

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function vi...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/07 11:15 p.m.•47 views

CVE-2023-0712

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/07 11:15 p.m.•47 views

CVE-2023-0723

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/07 10:15 p.m.•45 views

CVE-2023-0728

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS4.7AI score0.00099EPSS

CVE•added 2023/02/08 12:15 a.m.•44 views

CVE-2023-0718

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS4.7AI score0.00033EPSS

CVE•added 2023/02/08 2:15 a.m.•42 views

CVE-2023-0711

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this ...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/08 2:15 a.m.•42 views

CVE-2023-0724

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/08 2:15 a.m.•41 views

CVE-2023-0684

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/08 2:15 a.m.•41 views

CVE-2023-0685

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/08 2:15 a.m.•41 views

CVE-2023-0716

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/08 2:15 a.m.•40 views

CVE-2023-0715

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...

5.4CVSS4.7AI score0.00061EPSS

CVE•added 2023/02/07 11:15 p.m.•39 views

CVE-2023-0727

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via fo...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/07 10:15 p.m.•35 views

CVE-2023-0713

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this ...

5.4CVSS4.7AI score0.00031EPSS

CVE•added 2023/02/08 2:15 a.m.•35 views

CVE-2023-0720

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invok...

5.4CVSS4.7AI score0.00049EPSS

CVE•added 2023/02/08 2:15 a.m.•35 views

CVE-2023-0722

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forge...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/08 2:15 a.m.•35 views

CVE-2023-0726

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forg...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/02/08 2:15 a.m.•34 views

CVE-2023-0725

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via for...

5.4CVSS4.7AI score0.00091EPSS

CVE•added 2023/06/09 6:15 a.m.•30 views

CVE-2023-0729

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via ...

5.4CVSS4.3AI score0.00086EPSS

CVE•added 2023/02/08 2:15 a.m.•29 views

CVE-2023-0717

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke th...

5.4CVSS4.7AI score0.00061EPSS