‼ CVE-2023-0725 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0726 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0711 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.
‼ CVE-2023-0716 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
‼ CVE-2023-0739 ‼
via "National Vulnerability Database".
Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4.
‼ CVE-2023-0724 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0685 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0720 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
‼ CVE-2023-0717 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
‼ CVE-2023-0722 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0715 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
‼ CVE-2023-0684 ‼
via "National Vulnerability Database".
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.
‼ CVE-2023-0742 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
‼ CVE-2023-0741 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - DOM in GitHub repository answerdev/answer prior to 1.0.4.
‼ CVE-2022-43761 ‼
via "National Vulnerability Database".
Missing authentication when creating and managing the B&R APROL database in versions < R 4.2-07 allows reading and changing the system configuration.
‼ CVE-2023-0740 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Stored in GitHub repository answerdev/answer prior to 1.0.4.
‼ CVE-2023-0744 ‼
via "National Vulnerability Database".
Improper Access Control in GitHub repository answerdev/answer prior to 1.0.4.
‼ CVE-2022-2094 ‼
via "National Vulnerability Database".
The Yellow Yard Searchbar WordPress plugin before 2.8.2 does not escape some URL parameters before outputting them back to the user, leading to Reflected Cross-Site Scripting.
‼ CVE-2023-0743 ‼
via "National Vulnerability Database".
Cross-site Scripting (XSS) - Generic in GitHub repository answerdev/answer prior to 1.0.4.
🕴 Why Some Cloud Services Vulnerabilities Are So Hard to Fix 🕴
via "Dark Reading".
Five months after AWS customers were alerted about three vulnerabilities, nearly none had plugged the holes. The reasons why underline a need for change.
🕴 How to Optimize Your Cyber Insurance Coverage 🕴
via "Dark Reading".
From prevention and detection processes to how you handle policy information, having strong cyber insurance coverage can help mitigate cybersecurity attacks.