Calgary, Alberta, Canada
sales@hackhalt.com
Free Download Free Download Free Download
Explore Pricing Explore Pricing Explore Pricing

Blog

"Prevention is cheaper than a breach"

Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total8
Critical0
High0
Medium8
Reset
Showing 1-8 of 8 records
Threat Entry Updated 2024-08-19

CVE-2023-4730 - Ladipage Plugin

The LadiApp plugn for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to modify a variety of settings. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts.

PLUGIN Ladipage

CVE-2023-4730

MEDIUM CVSS 5.3 2024-08-17
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4731 - Ladipage Plugin

The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts,

PLUGIN Ladipage

CVE-2023-4731

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4729 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ladipage

CVE-2023-4729

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4728 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the publish_lp() function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to change the LadiPage key (a key fully controlled by the attacker), enabling them to freely create new pages, including web pages that trigger stored XSS

PLUGIN Ladipage

CVE-2023-4728

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4629 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ladipage

CVE-2023-4629

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4628 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Ladipage

CVE-2023-4628

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-15

CVE-2023-4627 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_config() function in versions up to, and including, 4.4. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladipage_config' option.

PLUGIN Ladipage

CVE-2023-4627

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Threat Entry Updated 2025-01-21

CVE-2023-4626 - Ladipage Plugin

The LadiApp plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ladiflow_save_hook() function in versions up to, and including, 4.3. This makes it possible for authenticated attackers with subscriber-level access and above to update the 'ladiflow_hook_configs' option.

PLUGIN Ladipage

CVE-2023-4626

MEDIUM CVSS 4.3 2024-03-12
Open Full Technical Breakdown
Scroll to top