CVE-2023-2736
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...
CVE-2023-2717
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enablesafemode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other...
Cross site request forgery (csrf)
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...
Cross site request forgery (csrf)
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enablesafemode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other...
CVE-2023-2717 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Disable All Plugins
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enablesafemode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other...
CVE-2023-2717
CVE-2023-2717 affects the Groundhogg WordPress plugin up to version 2.7.9.8. The vulnerability is a CSRF flaw caused by missing nonce validation in the enable_safe_mode function, enabling unauthenticated attackers to trigger Safe Mode and disable all other plugins via a forged request if a site a...
CVE-2023-2736
CVE-2023-2736 affects Groundhogg WordPress plugin (versions
CVE-2023-2736 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation
The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...
PT-2023-21078 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation in the ajax edit contact function, making it possible for authenticated attackers to elevate verified user...
PT-2023-20986 · WordPress · Groundhogg
Name of the Vulnerable Software and Affected Versions: Groundhogg plugin for WordPress versions up to, and including, 2.7.9.8 Description: The issue is due to missing nonce validation on the enable safe mode function, making it possible for unauthenticated attackers to enable safe mode via a forg...
CVE-2023-31135
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
Design/Logic Flaw
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
Dgraph Audit Log Encryption Vulnerability
Impact Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
GHSA-92WQ-Q9PQ-GW47 Dgraph Audit Log Encryption Vulnerability
Impact Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. All audit logs generated by versions of Dgraph v23.0.0 are affected. Patches This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0. Workaround...
CVE-2023-31135 Dgraph Audit Log Encryption nonce reuse
Dgraph is an open source distributed GraphQL database. Existing Dgraph audit logs are vulnerable to brute force attacks due to nonce collisions. The first 12 bytes come from a baseIv which is initialized when an audit log is created. The last 4 bytes come from the length of the log line being...
CVE-2023-31135
CVE-2023-31135 affects Dgraph audit logs due to nonce collisions in the log encryption scheme. The first 12 bytes come from a baseIv, and the last 4 bytes from the log line length; because log lines often share the same length, nonces are reused. All audit logs generated by versions