cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-0729,https://securityvulnerability.io/vulnerability/CVE-2023-0729,Cross-Site Request Forgery in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress contains a vulnerability that allows unauthenticated attackers to exploit a flaw in the ajax_save_sort_order function due to insufficient nonce validation. This security oversight can lead to unauthorized actions, enabling attackers to manipulate folder structures by tricking a site administrator into executing malicious requests. This vulnerability affects all versions of the plugin up to and including 2.18.16.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0011399999493733048,false,,false,false,false,,false,false,2023-06-09T06:15:00.000Z,0
CVE-2023-0724,https://securityvulnerability.io/vulnerability/CVE-2023-0724,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress has a vulnerability due to improper nonce validation in the ajax_add_folder function, affecting versions up to 2.18.16. This allows unauthenticated attackers to send malicious requests, potentially causing significant changes to the folder structure managed by the plugin. Attackers can exploit this vulnerability by tricking administrators into clicking on deceitful links, leading to unauthorized actions that compromise site integrity.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0725,https://securityvulnerability.io/vulnerability/CVE-2023-0725,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit missing nonce validation in the ajax_clone_folder function. This issue enables attackers to trick site administrators into performing unauthorized actions, such as altering the plugin's folder structure, through crafted requests.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0726,https://securityvulnerability.io/vulnerability/CVE-2023-0726,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress contains a Cross-Site Request Forgery vulnerability in versions up to 2.18.16. This issue arises from inadequate nonce validation within the ajax_edit_folder function, allowing unauthenticated attackers to potentially execute unauthorized actions by tricking a site administrator into clicking on a malicious link. This could lead to unintended changes in the folder structure controlled by the plugin, compromising the integrity of the WordPress site.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0684,https://securityvulnerability.io/vulnerability/CVE-2023-0684,Authorization Bypass in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress is exposed to an authorization bypass vulnerability due to inadequate capability checks in the ajax_unassign_folders function. This flaw affects versions up to and including 2.18.16, allowing authenticated users with subscriber-level permissions and above to execute actions meant for administrators. Consequently, attackers can manipulate folder structures within the plugin, potentially leading to unauthorized modifications and data exposure.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0715,https://securityvulnerability.io/vulnerability/CVE-2023-0715,Authorization Bypass Vulnerability in Wicked Folders for WordPress,"The Wicked Folders plugin for WordPress exhibits a vulnerability that allows authenticated attackers, possessing subscriber-level permissions or higher, to bypass authorization checks on the ajax_clone_folder function. This oversight enables these attackers to perform administrative actions, such as altering the folder structure within the plugin, without the necessary privileges, potentially compromising the security and integrity of the WordPress installation.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0716,https://securityvulnerability.io/vulnerability/CVE-2023-0716,Authorization Bypass in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress allows authenticated users with subscriber-level permissions and above to exploit an authorization bypass due to a missing capability check in the ajax_edit_folder function. This flaw, present in versions up to and including 2.18.16, enables these users to perform administrative actions, such as altering the folder structure that the plugin manages. Such unauthorized access could lead to significant disruptions within the site, affecting both the organization and its users.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0717,https://securityvulnerability.io/vulnerability/CVE-2023-0717,Authorization Bypass in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress contains a vulnerability that allows authenticated attackers with subscriber-level permissions to bypass necessary capability checks. Specifically, the ajax_delete_folder function fails to implement proper authorization, enabling these users to execute administrative actions such as modifying folder structures. This oversight poses a significant risk, allowing users to alter settings or data inappropriately.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0722,https://securityvulnerability.io/vulnerability/CVE-2023-0722,Cross-Site Request Forgery Vulnerability in Wicked Folders for WordPress,"The Wicked Folders plugin for WordPress contains a Cross-Site Request Forgery vulnerability in versions up to 2.18.16. This issue arises from inadequate nonce validation within the ajax_save_state function. As a result, unauthenticated attackers can execute forged requests, potentially tricking site administrators into inadvertently performing unauthorized actions such as altering the folder structure managed by the plugin. This vulnerability emphasizes the importance of robust security measures and proper nonce validation in WordPress plugins.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0711,https://securityvulnerability.io/vulnerability/CVE-2023-0711,Authorization Bypass in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress contains a significant security flaw that allows authenticated users, including those with only subscriber-level permissions, to bypass authorization mechanisms. This vulnerability arises from the absence of a capability check in the ajax_save_state function, which can be exploited to perform administrative actions such as altering the folder structure within the plugin. This compromise can lead to unauthorized access and manipulation of folder visibility settings, posing a serious risk to the integrity of website management for users relying on this plugin.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0685,https://securityvulnerability.io/vulnerability/CVE-2023-0685,Cross-Site Request Forgery Vulnerability in Wicked Folders by WordPress,"The Wicked Folders plugin for WordPress has a vulnerability that allows unauthenticated attackers to exploit missing or incorrect nonce validation in the ajax_unassign_folders function. This weakness can be used to trick site administrators into executing unintended actions, such as modifying the plugin's folder structure, by clicking on a malicious link.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0017800000496208668,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0720,https://securityvulnerability.io/vulnerability/CVE-2023-0720,Authorization Bypass Vulnerability in Wicked Folders for WordPress,"The Wicked Folders plugin for WordPress has a security flaw that could allow authenticated attackers to bypass authorization checks. Specifically, this vulnerability arises from a missing capability validation in the 'ajax_save_folder_order' function. As a result, users with subscriber-level access and higher can execute administrative actions, such as altering the folder organization within the plugin. This could potentially jeopardize the integrity and structure of folder contents, leading to unauthorized modifications.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T02:15:00.000Z,0
CVE-2023-0718,https://securityvulnerability.io/vulnerability/CVE-2023-0718,Authorization Bypass Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress suffers from an authorization bypass issue due to the absence of a proper capability check in the ajax_save_folder function. This vulnerability allows authenticated attackers, including those with minimal subscriber-level permissions, to exploit this flaw. By doing so, they can execute privileged actions intended for administrators, such as altering the folder structure managed by the plugin, which can lead to unauthorized access and potential data manipulation.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-08T00:15:00.000Z,0
CVE-2023-0730,https://securityvulnerability.io/vulnerability/CVE-2023-0730,Cross-Site Request Forgery Vulnerability in Wicked Folders by WordPress,"The Wicked Folders plugin for WordPress is exposed to a Cross-Site Request Forgery attack in versions up to 2.18.16. This vulnerability arises from insufficient nonce validation within the ajax_save_folder_order function, enabling unauthenticated attackers to manipulate functionality with impersonated requests. If successfully executed, the attacker could deceive a site administrator into modifying crucial plugin settings, such as the folder structure, via maliciously crafted links.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-02-07T23:15:00.000Z,0
CVE-2023-0712,https://securityvulnerability.io/vulnerability/CVE-2023-0712,Authorization Bypass Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress is prone to an authorization bypass vulnerability due to a missing capability check in the ajax_move_object function. This issue impacts versions up to 2.18.16. Authenticated users with subscriber-level permissions or higher can exploit this flaw to perform administrative tasks, such as altering the folder structure managed by the plugin, thereby compromising the intended access controls.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-07T23:15:00.000Z,0
CVE-2023-0719,https://securityvulnerability.io/vulnerability/CVE-2023-0719,Authorization Bypass in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress is susceptible to an authorization bypass due to the absence of a necessary capability check in the ajax_save_sort_order function. This vulnerability affects all versions up to and including 2.18.16, allowing authenticated users with subscriber-level permissions or higher to execute functions meant for administrators. As a result, these users can alter the folder structure managed by the plugin, potentially compromising the integrity of sensitive data and permissions within the WordPress installation.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-07T23:15:00.000Z,0
CVE-2023-0723,https://securityvulnerability.io/vulnerability/CVE-2023-0723,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin by WordPress,"The Wicked Folders plugin for WordPress has a vulnerability that arises from improper nonce validation in the ajax_move_object function. This flaw allows unauthenticated attackers to exploit the plugin by tricking an administrator into executing unauthorized actions through manipulated requests. Such actions may include altering the folder structure maintained by the plugin, posing significant security risks to WordPress sites utilizing this plugin.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-02-07T23:15:00.000Z,0
CVE-2023-0727,https://securityvulnerability.io/vulnerability/CVE-2023-0727,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress is compromised by a Cross-Site Request Forgery vulnerability present in versions up to and including 2.18.16. This security flaw arises from inadequate nonce validation within the ajax_delete_folder function. As a result, unauthenticated attackers could exploit this vulnerability by tricking website administrators into initiating actions through manipulated requests. Such actions may lead to unauthorized alterations in the folder structure that the plugin manages, posing a significant risk to the integrity of website configurations.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-02-07T23:15:00.000Z,0
CVE-2023-0728,https://securityvulnerability.io/vulnerability/CVE-2023-0728,Cross-Site Request Forgery Vulnerability in Wicked Folders Plugin for WordPress,"The Wicked Folders plugin for WordPress is susceptible to a Cross-Site Request Forgery (CSRF) vulnerability due to inadequate nonce validation in its ajax_save_folder function. This flaw allows unauthenticated attackers to craft requests that could manipulate the folder structure of the plugin, provided they can deceive an administrator into triggering the malicious request. Users are urged to update to the latest version to mitigate this risk.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0008800000068731606,false,,false,false,false,,false,false,2023-02-07T22:15:00.000Z,0
CVE-2023-0713,https://securityvulnerability.io/vulnerability/CVE-2023-0713,Authorization Bypass Vulnerability in Wicked Folders for WordPress,"The Wicked Folders plugin for WordPress contains a vulnerability that allows authenticated users with subscriber-level permissions or higher to bypass normal authorization checks. This is due to a missing capability verification in the ajax_add_folder function. As a result, attackers can execute administrative actions, such as altering the folder structure within the plugin. It is crucial for users of this plugin to update to the latest version to mitigate any potential security risks.",Wordpress,Wicked Folders,4.3,MEDIUM,0.0006300000241026282,false,,false,false,false,,false,false,2023-02-07T22:15:00.000Z,0
CVE-2021-24919,https://securityvulnerability.io/vulnerability/CVE-2021-24919,Wicked Folders < 2.18.10 - Subscriber+ SQL Injection,"The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection.",Wordpress,Wicked Folders,8.8,HIGH,0.00139999995008111,false,,false,false,false,,false,false,2022-02-01T12:21:30.000Z,0