Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2023-0739PUBLISHED: 2023-02-08Race Condition in Switch in GitHub repository answerdev/answer prior to 1.0.4.
CVE-2023-0716PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_edit_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke this ...
CVE-2023-0717PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_delete_folder function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke thi...
CVE-2023-0720PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the ajax_save_folder_order function in versions up to, and including, 2.18.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke...
CVE-2023-0722PUBLISHED: 2023-02-08
The Wicked Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.18.16. This is due to missing or incorrect nonce validation on the ajax_save_state function. This makes it possible for unauthenticated attackers to invoke this function via forged...
User Rank: Author
2/26/2019 | 7:36:41 PM
Abandon the "permitted by default" network model. Endpoints must prove to networks that they are ready to be exposed to anything beyond their immediate neighborhood. Moderate access requires only basic proof of hygeine, while a new Internet-facing web server (or container) must demonstrate being hardened and ready before the flood gates are opened.