Wickedplugins

Wicked Folders

21 vulnerabilities found.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.3

CVE-2023-0711

  • EPSS 0.05%
  • Published 08.02.2023 02:15:07
  • Last modified 21.11.2024 07:37:40

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscr...

4.3

CVE-2023-0684

  • EPSS 0.05%
  • Published 08.02.2023 02:15:07
  • Last modified 21.11.2024 07:37:37

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with ...

4.3

CVE-2023-0718

  • EPSS 0.03%
  • Published 08.02.2023 00:15:08
  • Last modified 21.11.2024 07:37:41

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subsc...

4.3

CVE-2023-0730

  • EPSS 0.07%
  • Published 07.02.2023 23:15:09
  • Last modified 21.11.2024 07:37:42

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for una...

4.3

CVE-2023-0727

  • EPSS 0.07%
  • Published 07.02.2023 23:15:09
  • Last modified 21.11.2024 07:37:42

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthe...

4.3

CVE-2023-0723

  • EPSS 0.07%
  • Published 07.02.2023 23:15:09
  • Last modified 21.11.2024 07:37:41

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthent...

4.3

CVE-2023-0719

  • EPSS 0.05%
  • Published 07.02.2023 23:15:08
  • Last modified 21.11.2024 07:37:41

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with s...

4.3

CVE-2023-0712

  • EPSS 0.05%
  • Published 07.02.2023 23:15:08
  • Last modified 21.11.2024 07:37:40

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subsc...

4.3

CVE-2023-0728

  • EPSS 0.08%
  • Published 07.02.2023 22:15:11
  • Last modified 21.11.2024 07:37:42

The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthent...

4.3

CVE-2023-0713

  • EPSS 0.03%
  • Published 07.02.2023 22:15:11
  • Last modified 21.11.2024 07:37:40

The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscr...