8780 matches found
WP AutoComplete Search <= 1.0.4 - Unauthenticated SQLi
The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to an unauthenticated SQL injection. Extract the nonce from the index page: search for "wpautosearchconfig" and look for the "nonce" field. Invoke the following...
Incorrect behavior in CrossChainExecutorPolygon contract
Lines of code Vulnerability details Description: We have discovered an issue with the CrossChainExecutorPolygon contract. When a message with a nonce that has already been executed is received, the contract does not prevent the message from being processed or display an error message. This issue...
ExecutorAware doesn't adequately validate sender for nonce
Lines of code Vulnerability details Impact Contracts on the execution chain are asked to inherit from ExecutorAware.sol. This gives them the ability to check msgSender and nonce pulled from the calldata in the format encoded by the executor. While the msgSender function adequately checks that the...
Nonce not properly checked in CrossChainExecutorArbitrum contract
Lines of code Vulnerability details Summary The CrossChainExecutorArbitrum contract does not properly check the nonce before executing calls. This allows a potential attacker to replay a batch of calls that have already been executed. Impact If a batch of calls is replayed, it could result in...
DoS on relayCalls when the nonce variable reaches type(uint256).max
Lines of code Vulnerability details Impact Denial of service on relayCalls functions when the nonce variable reaches type(uint256).max. Proof of Concept When the smart contracts start to be used, the variable in storage nonce will start to increment by 1, and since the nonce variable cannot be...
CVE-2022-4220
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...
CVE-2022-4218
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...
CVE-2022-4219
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request...
Cross site request forgery (csrf)
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...
Cross site request forgery (csrf)
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...
CVE-2022-4220 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...
CVE-2022-4219 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Submitted Response Deletion
The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the manage function. This makes it possible for unauthenticated attackers to delete submitted quiz responses via a forged request...
WordPress plugin Chained Quiz cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2022-26308 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the list questions function. This allows unauthenticated attackers to...
PT-2022-26300 · WordPress · Chained Quiz
Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the list quizzes function. This allows unauthenticated attackers to...
WordPress plugin Chained Quiz cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...