Patreon

Patreon Wordpress

10 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty in its original format.
  • EPSS 0.29%
  • Published 24.01.2025 18:15:35
  • Last modified 24.01.2025 18:15:35

Missing Authorization vulnerability in Patreon Patreon WordPress allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Patreon WordPress: from n/a through 1.9.1.

  • EPSS 0.14%
  • Published 09.07.2024 11:15:14
  • Last modified 21.11.2024 09:23:50

Authentication Bypass by Spoofing vulnerability in Patreon Patreon WordPress allows Functionality Misuse. This issue affects Patreon WordPress: from n/a through 1.9.0.

  • EPSS 0.14%
  • Published 18.11.2023 23:15:09
  • Last modified 21.11.2024 08:20:38

Cross-Site Request Forgery (CSRF) vulnerability in Patreon Patreon WordPress. This issue affects Patreon WordPress: from n/a through 1.8.6.

Exploit
  • EPSS 0.2%
  • Published 14.03.2022 15:15:09
  • Last modified 21.11.2024 05:54:12

The Patreon WordPress plugin before 1.8.2 does not sanitise and escape the field "Custom Patreon Page name", which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

Exploit
  • EPSS 0.86%
  • Published 12.04.2021 14:15:16
  • Last modified 21.11.2024 05:52:38

The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form (wp-login.php) is hooked by the plugin and offers to allow users to authenticate on the site us...

Exploit
  • EPSS 0.64%
  • Published 12.04.2021 14:15:16
  • Last modified 21.11.2024 05:52:38

The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreon_save_attachment_patreon_level AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscriber...

Exploit
  • EPSS 0.12%
  • Published 12.04.2021 14:15:16
  • Last modified 21.11.2024 05:52:38

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If...

Exploit
  • EPSS 0.09%
  • Published 12.04.2021 14:15:16
  • Last modified 21.11.2024 05:52:38

The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged-in administrator disconnect the site from Patreon by visiting a specially crafted link.

Exploit
  • EPSS 38.69%
  • Published 12.04.2021 14:15:15
  • Last modified 21.11.2024 05:52:38

The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-co...

  • EPSS 0.8%
  • Published 22.08.2019 14:15:12
  • Last modified 21.11.2024 04:02:37

The patreon-connect plugin before 1.2.2 for WordPress has Object Injection.