8783 matches found
CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
CVE-2022-2933 0mk Shortener <= 0.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on the zeromkoptionspage function. This makes it possible for unauthenticated attackers to inject malicious web scripts vi...
WordPress plugin 0mk Shortener 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
VulnCheck KEV: CVE-2021-24278
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
CVE-2023-0557
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...
CVE-2023-0557
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...
CVE-2023-0557
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...
Design/Logic Flaw
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0554
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
Cross site request forgery (csrf)
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
CVE-2023-0557 ContentStudio <= 1.2.5 - Information Exposure
The ContentStudio plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 1.2.5. This could allow unauthenticated attackers to obtain a nonce needed for the creation of posts...
CVE-2023-0554 Quick Restaurant Menu <= 2.0.2 - Cross-Site Request Forgery
The Quick Restaurant Menu plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on its AJAX actions. This makes it possible for unauthenticated attackers to update menu items, via forged reque...
ContentStudio < 1.2.6 - Nonce Disclosure
The plugin discloses sensitive information to unauthenticated users, such as a nonce used to create a posts...
PT-2023-16358 · WordPress · Quick Restaurant Menu
Name of the Vulnerable Software and Affected Versions: Quick Restaurant Menu plugin for WordPress versions up to and including 2.0.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on AJAX actions. This allows unauthenticated attackers ...
PT-2023-16361 · WordPress · Contentstudio
Name of the Vulnerable Software and Affected Versions: ContentStudio plugin for WordPress versions up to and including 1.2.5 Description: The issue allows unauthenticated attackers to obtain a nonce needed for the creation of posts, potentially exposing sensitive information. Recommendations: For...
VulnCheck KEV: CVE-2021-24918
The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. As a result, any logged-in user on a vulnerable site could update the settings and store rogue JavaScript on each of its posts and pages...
Unauthorized Access in _verifySignature function due to improper use of msg.sender.
Lines of code Vulnerability details Impact if unmaskedAddressComparisonofferer, msg.sender return; If an attacker is able to call this function and make the msg.sender match the offerer, they will bypass the signature verification check and may be able to execute the contract's functionality as i...
CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...
CVE-2023-22912
An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. CheckUser TokenManager insecurely uses AES-CTR encryption with a repeated aka re-used nonce, allowing an adversary to decrypt...