CVE-2023-2563 |
Description: The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.7. This is due to missing or incorrect nonce validation on the function _accua_forms_form_edit_action. This makes it possible for unauthenticated attackers to delete forms created with this plugin via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (4.3) EPSS Score: 0.11%
December 4th, 2024 (5 months ago)
|
CVE-2023-2351 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'ajax_admin' function in versions up to, and including, 1.2.3. This makes it possible for authenticated attackers with subscriber-level permissions or above to delete or change plugin settings, import demo data, delete Directory Kit related posts and terms, and install arbitrary plugins. A partial patch was introduced in version 1.2.0.
CVSS: MEDIUM (6.5) EPSS Score: 0.12%
December 4th, 2024 (5 months ago)
|
CVE-2023-2277 |
Description: The WP Directory Kit plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to missing or incorrect nonce validation on the 'insert' function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link.
CVSS: MEDIUM (6.1) EPSS Score: 0.15%
December 4th, 2024 (5 months ago)
|
CVE-2023-2083 |
Description: The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is present, it is only executed when a nonce is provided. Not providing a nonce results in the nonce verification being skipped. There is no capability check.
CVSS: MEDIUM (4.3) EPSS Score: 0.08%
December 4th, 2024 (5 months ago)
|
CVE-2024-53784 |
Description: Missing Authorization vulnerability in E-goi Smart Marketing SMS and Newsletters Forms allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Marketing SMS and Newsletters Forms: from n/a through 5.0.9.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53775 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in TannerRitchie Web Applications/DancePress DancePress (TRWA) allows Cross Site Request Forgery. This issue affects DancePress (TRWA): from n/a through 3.1.11.
CVSS: MEDIUM (4.3) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53761 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery. This issue affects WP Revisions Manager: from n/a through 1.0.2.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53751 |
Description: Cross-Site Request Forgery (CSRF) vulnerability in Abdul Hakeem Build App Online allows Cross Site Request Forgery. This issue affects Build App Online: from n/a through 1.0.22.
CVSS: MEDIUM (5.4) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53741 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Popup allows DOM-Based XSS. This issue affects Simple Popup: from n/a through 4.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|
CVE-2024-53721 |
Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Stachethemes Advanced Event Manager allows Stored XSS. This issue affects Advanced Event Manager: from n/a through 1.1.6.
CVSS: MEDIUM (6.5) EPSS Score: 0.04%
December 3rd, 2024 (5 months ago)
|