Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0739PUBLISHED: 2023-02-08Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4.
CVE-2023-0716PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this ...
CVE-2023-0717PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...
CVE-2023-0720PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0722PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged...
User Rank: Author
11/26/2015 | 1:54:33 AM
your pardon is granted. as with spam before it, spoofed source ddos and irresponsibly open servers have brought out every possible form of apologist. i have heard "there is no problem" and "it is not my problem" literally hundreds of times now. i won't take it personally, and i hope you won't take it personally when i tell you that you're plain and simply and completely wrong.
argument by analogy is fraught with error. as in this case, choosing the wrong analogy leads to absurd results. closer to the situation at hand would be holding the builder and architect of a house responsible if the house catches fire and burns the whole neighborhood down because somebody rang the doorbell too hard.
<< This all seems very huffy. The reality of crime is that bad guys often get away with their behavior, and we have to live with this unfairness lest we create even more unfairness. >>
you can live with whatever impositions you wish, but, you can't insist that i do the same. "the reality" as you call it is that in the real world, creating or operating a public nuisance is an actionable offense if someone is injured by it, and the internet has thus far yelled and screamed about "stifling innovation" whenever similar accountability and recourse has been proposed. well, i am not here to censor any content or demand that software creators be licensed or anything else that might stifle innovation.
rather, i'm saying that the collective nuisance cost of the internet's irresponsible device makers and server and network operators is now so high that even the most self deceiving apologist cannot successfully pretend that everything will be ok without giving the lawyers and insurance companies a more defined role.
vixie