FL3R FeelBox <= 8.1 - Unauthenticated SQLi
The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection. 1. Visit a blog post and extract the nonce from the source: search for "feelboxAjax" and extract the "token". curl -s...
CVE-2023-0403
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...
CVE-2023-0403
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...
Cross-site request forgery (CSRF)
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.0. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...
CVE-2023-0403 Social Warfare <= 4.3.1 - Cross-Site Request Forgery
The Social Warfare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on several AJAX actions. This makes it possible for unauthenticated attackers to delete post meta information and reset...
PT-2023-16244 · WordPress · Social Warfare
Name of the Vulnerable Software and Affected Versions: Social Warfare plugin for WordPress versions up to, and including, 4.4.0 Description: The issue is due to missing or incorrect nonce validation on several AJAX actions, making it possible for unauthenticated attackers to delete post meta...
CVE-2023-0385
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...
Cross-site request forgery (CSRF)
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...
CVE-2023-0385 Custom 404 Pro <= 3.7.1 - Cross-Site Request Forgery
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...
PT-2023-16234 · WordPress · Custom 404 Pro
Name of the Vulnerable Software and Affected Versions: Custom 404 Pro plugin for WordPress versions up to, and including, 3.7.1 Description: The issue is due to missing or incorrect nonce validation on the custom 404 pro admin init function, making it possible for unauthenticated attackers to...
WordPress plugin Custom 404 Pro Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A cross-site request forgery vulnerability...
KYC signature can be reused to regain KYC status
Lines of code Vulnerability details The function addKYCAddressViaSignature of the KYCRegistry contract allows a user to be granted a KYC status using a signature provided by Ondo. The function validates that the signer has the corresponding role for the requirement group and adds the user to the...
Stream < 3.9.2 - Subscriber+ Alert Creation
The plugin does not prevent low-privileged users on the site, such as subscribers, from using its alert creation functionality, which may enable them to leak sensitive information. Step 1: Log in as a subscriber Step 2: Get a nonce from...
Signature Replay no nonce
Lines of code Vulnerability details Impact There is a signature replay vulnerability. That means that the signature can be reused in the same contract from anyone calling. The vulnerability relies on the fact that there is no nonce specified for every caller. This means that you can take a...
sec.custhelp.com Open Redirect vulnerability OBB-3151771
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2023-0294
The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image...