🛡 Cybersecurity & Privacy 🛡 - News
🗞 The finest daily news on cybersecurity and privacy.

🔔 Daily releases.

💻 Is your online life secure?

📩 lalilolalo.dev@gmail.com
‼ CVE-2023-0727 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-23026 ‼

Cross site scripting (XSS) vulnerability in sourcecodester oretnom23 sales management system 1.0 allows attackers to execute arbitrary code via the product_name and product_price inputs in file print.php.

📖 Read

via "National Vulnerability Database".
⚠ OpenSSL fixes High Severity data-stealing bug – patch now! ⚠

7 memory mismanagements and a timing attack. We explain all the jargon bug terminology in plain English...

📖 Read

via "Naked Security".
‼ CVE-2023-0725 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0726 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0711 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0716 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0739 ‼

Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0724 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0685 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0720 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0717 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0722 ‼

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0715 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0684 ‼

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0742 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0741 ‼

Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-43761 ‼

Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0740 ‼

Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2023-0744 ‼

Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.

📖 Read

via "National Vulnerability Database".
‼ CVE-2022-2094 ‼

The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting.

📖 Read

via "National Vulnerability Database".