Search Results | AttackerKB

Show filters

Topics 3 Users 9,712

Clear All

Disclosure Date

Disclosure Year Disclosure Month

Collection Command and Control Credential Access Defense Evasion Discovery Execution Exfiltration Impact Initial Access Lateral Movement Persistence Privilege Escalation

3 Total Results

Displaying 1-3 of 3

Attacker Value

Unknown

CVE-2022-4974

Disclosure Date: October 16, 2024 (last updated October 16, 2024)

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.

Attack Vector: Network Privileges: Low User Interaction: None

0

Attacker Value

Unknown

CVE-2018-17789

Disclosure Date: September 20, 2019 (last updated November 27, 2024)

Prospecta Master Data Online (MDO) allows CSRF.

Attack Vector: Network Privileges: None User Interaction: Required

0

Attacker Value

Unknown

CVE-2018-17790

Disclosure Date: August 15, 2019 (last updated November 27, 2024)

Prospecta Master Data Online (MDO) 2.0 has Stored XSS.

Attack Vector: Network Privileges: Low User Interaction: Required

0