cvebase

Wickedplugins Wicked Folders vulnerabilities

21 known vulnerabilities affecting wickedplugins/wicked_folders.

Total CVEs: 21
CISA KEV: 0
Public exploits: 0
Exploited in wild: 9
Severity breakdown: HIGH 1, MEDIUM 20

Vulnerabilities

Page 1 of 2
CVE-2023-0712 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-07
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_move_object function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrat
nvd
CVE-2023-0719 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-07
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_sort_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for adminis
nvd
CVE-2023-0718 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrat
nvd
CVE-2023-0720 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for admin
nvd
CVE-2023-0716 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrat
nvd
CVE-2023-0711 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_state function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrato
nvd
CVE-2023-0715 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_clone_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administra
nvd
CVE-2023-0717 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administr
nvd
CVE-2023-0713 | P2 | MEDIUM | CVSS 4.3 | Exploited | ≤ 2.18.16 | 2023-02-07
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_add_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for administrato
nvd
CVE-2021-24919 | P3 | HIGH | CVSS 8.8 | fixed in 2.18.10 | 2022-02-01
CWE-89: The Wicked Folders WordPress plugin before 2.8.10 does not sanitise and escape the folder_id parameter before using it in a SQL statement in the wicked_folders_save_sort_order AJAX action, available to any authenticated user, leading to an SQL injection
nvd
CVE-2023-0684 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-862: The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_unassign_folders function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this function and perform actions intended for admini
nvd
CVE-2023-0723 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-07
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_move_object function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator
nvd
CVE-2023-0727 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-07
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_delete_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrat
nvd
CVE-2023-0730 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-07
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder_order function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site adminis
nvd
CVE-2023-0728 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-07
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator
nvd
CVE-2023-0725 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_clone_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrato
nvd
CVE-2023-0685 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_unassign_folders function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administ
nvd
CVE-2023-0722 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator
nvd
CVE-2023-0724 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_add_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator
nvd
CVE-2023-0726 | P4 | MEDIUM | CVSS 4.3 | ≤ 2.18.16 | 2023-02-08
CWE-352: The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_edit_folder function. This makes it possible for unauthenticated attackers to invoke this function via forged request granted they can trick a site administrator
nvd