Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-11-21
CVE-2023-0729 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_sort_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0729
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0726 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0726
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0725 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0725
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0724 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0724
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0722 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0722
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0720 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0720
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0717 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0717
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0716 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0716
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0715 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0715
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0711 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the view state of the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0711
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0685 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin..
PLUGIN
Wicked Folders
CVE-2023-0685
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0684 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0684
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0718 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0718
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0730 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0730
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0727 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0727
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0723 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0723
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0719 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0719
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0712 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0712
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0728 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator into performing an action such as clicking on a link leading them to perform actions intended for administrators such as changing the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0728
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2023-0713 - Wicked Folders Plugin
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrators such as modifying the folder structure maintained by the plugin.
PLUGIN
Wicked Folders
CVE-2023-0713
Risk Score