Search

Find a vulnerability

Search criteria

    6 vulnerabilities found for anti_hacker by billminozzi

    CVE-2024-1861 (GCVE-0-2024-1861)

    Vulnerability from nvd – Published: 2024-02-28 09:33 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
    Summary
    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T19:33:55.359667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:59:57.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040447%40antihacker\u0026new=3040447%40antihacker\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "sminozzi",
              "versions": [
                {
                  "lessThanOrEqual": "4.52",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:43.305Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040447%40antihacker\u0026new=3040447%40antihacker\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan \u003c= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1861",
        "datePublished": "2024-02-28T09:33:35.483Z",
        "dateReserved": "2024-02-23T18:54:06.793Z",
        "dateUpdated": "2026-04-08T17:17:43.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1860 (GCVE-0-2024-1860)

    Vulnerability from nvd – Published: 2024-02-28 09:33 – Updated: 2026-04-08 16:47
    VLAI
    Title
    Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist
    Summary
    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    sminozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Affected: 0 , ≤ 4.51 (semver)
    Create a notification for this product.
    sminozzi disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan Affected: 0 , ≤ 4.51 (custom)
        cpe:2.3:a:sminozzi:disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sminozzi:disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan",
                "vendor": "sminozzi",
                "versions": [
                  {
                    "lessThanOrEqual": "4.51",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:36:18.959710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:58:09.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040434%40antihacker\u0026new=3040434%40antihacker\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "sminozzi",
              "versions": [
                {
                  "lessThanOrEqual": "4.51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:39.380Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040434%40antihacker\u0026new=3040434%40antihacker\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan \u003c= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1860",
        "datePublished": "2024-02-28T09:33:34.407Z",
        "dateReserved": "2024-02-23T18:51:36.723Z",
        "dateUpdated": "2026-04-08T16:47:39.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-50858 (GCVE-0-2023-50858)

    Vulnerability from nvd – Published: 2023-12-28 10:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Credits
    Mika (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.036Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "antihacker",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "Bill Minozzi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "4.35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.34",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mika (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.\u003cp\u003eThis issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:59.619Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a04.35 or a higher version."
                }
              ],
              "value": "Update to\u00a04.35 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Anti Hacker Plugin \u003c= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-50858",
        "datePublished": "2023-12-28T10:31:43.530Z",
        "dateReserved": "2023-12-14T17:19:16.270Z",
        "dateUpdated": "2026-04-28T16:08:59.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1861 (GCVE-0-2024-1861)

    Vulnerability from cvelistv5 – Published: 2024-02-28 09:33 – Updated: 2026-04-08 17:17
    VLAI
    Title
    Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation
    Summary
    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1861",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-29T19:33:55.359667Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-06-04T17:59:57.700Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.365Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040447%40antihacker\u0026new=3040447%40antihacker\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "sminozzi",
              "versions": [
                {
                  "lessThanOrEqual": "4.52",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_truncate_scan_table() function in all versions up to, and including, 4.52. This makes it possible for authenticated attackers, with subscriber-level access and above, to truncate the scan table."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T17:17:43.305Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/b80c8888-e8d6-4458-ae93-8e4182060590?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040447%40antihacker\u0026new=3040447%40antihacker\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan \u003c= 4.52 - Missing Authorization to Authenticated (Subscriber+) Table Truncation"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1861",
        "datePublished": "2024-02-28T09:33:35.483Z",
        "dateReserved": "2024-02-23T18:54:06.793Z",
        "dateUpdated": "2026-04-08T17:17:43.305Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-1860 (GCVE-0-2024-1860)

    Vulnerability from cvelistv5 – Published: 2024-02-28 09:33 – Updated: 2026-04-08 16:47
    VLAI
    Title
    Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan <= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist
    Summary
    The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    sminozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan Affected: 0 , ≤ 4.51 (semver)
    Create a notification for this product.
    sminozzi disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan Affected: 0 , ≤ 4.51 (custom)
        cpe:2.3:a:sminozzi:disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Lucio Sá
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:sminozzi:disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "disable_json_api_login_lockdown_xml_rpc_pingback_stop_user_enumeration_anit_hacker_scan",
                "vendor": "sminozzi",
                "versions": [
                  {
                    "lessThanOrEqual": "4.51",
                    "status": "affected",
                    "version": "0",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1860",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-02-28T18:36:18.959710Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-04-22T15:58:09.817Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:56:22.305Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040434%40antihacker\u0026new=3040434%40antihacker\u0026sfp_email=\u0026sfph_mail="
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "sminozzi",
              "versions": [
                {
                  "lessThanOrEqual": "4.51",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Lucio S\u00e1"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the antihacker_add_whitelist() function in all versions up to, and including, 4.51. This makes it possible for unauthenticated attackers to add their IP Address to the whitelist circumventing protection"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 6.5,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-862",
                  "description": "CWE-862 Missing Authorization",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:47:39.380Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3d365284-73ac-4730-a83d-9202677cf161?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3040434%40antihacker\u0026new=3040434%40antihacker\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-02-27T00:00:00.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan \u003c= 4.51 - Missing Authorization to Unauthenticated IP Address Whitelist"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-1860",
        "datePublished": "2024-02-28T09:33:34.407Z",
        "dateReserved": "2024-02-23T18:51:36.723Z",
        "dateUpdated": "2026-04-08T16:47:39.380Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2023-50858 (GCVE-0-2023-50858)

    Vulnerability from cvelistv5 – Published: 2023-12-28 10:31 – Updated: 2026-04-28 16:08
    VLAI
    Title
    WordPress Anti Hacker Plugin <= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)
    Summary
    Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.
    CWE
    • CWE-352 - Cross-Site Request Forgery (CSRF)
    Assigner
    References
    Credits
    Mika (Patchstack Alliance)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:23:44.036Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "collectionURL": "https://wordpress.org/plugins",
              "defaultStatus": "unaffected",
              "packageName": "antihacker",
              "product": "Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan",
              "vendor": "Bill Minozzi",
              "versions": [
                {
                  "changes": [
                    {
                      "at": "4.35",
                      "status": "unaffected"
                    }
                  ],
                  "lessThanOrEqual": "4.34",
                  "status": "affected",
                  "version": "n/a",
                  "versionType": "custom"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "user": "00000000-0000-4000-9000-000000000000",
              "value": "Mika (Patchstack Alliance)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.\u003cp\u003eThis issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34.\u003c/p\u003e"
                }
              ],
              "value": "Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan.This issue affects Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan: from n/a through 4.34."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "LOW",
                "baseScore": 5.4,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "NONE",
                "integrityImpact": "LOW",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-352",
                  "description": "CWE-352 Cross-Site Request Forgery (CSRF)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-28T16:08:59.619Z",
            "orgId": "21595511-bba5-4825-b968-b78d1f9984a3",
            "shortName": "Patchstack"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://patchstack.com/database/vulnerability/antihacker/wordpress-anti-hacker-plugin-4-34-cross-site-request-forgery-csrf-vulnerability?_s_id=cve"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "Update to\u00a04.35 or a higher version."
                }
              ],
              "value": "Update to\u00a04.35 or a higher version."
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "WordPress Anti Hacker Plugin \u003c= 4.34 is vulnerable to Cross Site Request Forgery (CSRF)",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3",
        "assignerShortName": "Patchstack",
        "cveId": "CVE-2023-50858",
        "datePublished": "2023-12-28T10:31:43.530Z",
        "dateReserved": "2023-12-14T17:19:16.270Z",
        "dateUpdated": "2026-04-28T16:08:59.619Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }