CVE-2022-3747
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3898
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...
Cross site request forgery (csrf)
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
Cross site request forgery (csrf)
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...
CVE-2022-3898 WP Affiliate Platform <= 6.3.9 - Cross-Site Request Forgery
The WP Affiliate Platform plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.3.9. This is due to missing or incorrect nonce validation on various functions including the affiliatesmenu method. This makes it possible for unauthenticated attackers t...
CVE-2022-3747 Becustom <= 1.0.5.2 - Cross-Site Request Forgery
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
PT-2022-24635 · WordPress · Wp-Affiliate-Platform
Name of the Vulnerable Software and Affected Versions: WP Affiliate Platform plugin for WordPress versions up to, and including, 6.3.9 Description: The issue is due to missing or incorrect nonce validation on various functions, including the affiliates menu method. This allows unauthenticated...
PT-2022-24014 · WordPress · Becustom
Name of the Vulnerable Software and Affected Versions: Becustom plugin for WordPress versions up to, and including, 1.0.5.2 Description: The issue is due to missing nonce validation when saving the plugin's settings, making it possible for unauthenticated attackers to update the plugin's settings...
CVE-2021-25059
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
Design/Logic Flaw
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
CVE-2021-25059
The CVE concerns the WordPress Download Plugin before 2.0.0, where the plugin fails to properly validate a user’s privileges to access a backup nonce identifier. This privilege validation flaw could let any logged-in user with an account (e.g., a Subscriber) download a full copy of the website. A...
CVE-2021-25059 Download Plugin < 2.0.0 - Subscriber+ Website Download
The Download Plugin WordPress plugin before 2.0.0 does not properly validate a user has the required privileges to access a backup's nonce identifier, which may allow any users with an account on the site such as subscriber to download a full copy of the website...
JobBoardWP < 1.2.2 - Unauthenticated Arbitrary File Upload
The plugin does not properly validate file names and types in its file upload functionalities, allowing unauthenticated users to upload arbitrary files such as PHP. Setup: 1. Install the vulnerable plugin jobboardwp version 1.2.1 2. In the toast message that appears on the plugin's installation...
Photo Gallery < 1.8.3 - Stored XSS via CSRF
The plugin does not validate and escape some parameters before outputting them back in JS code later on in another page, which could lead to Stored XSS issue when an attacker makes a logged in admin open a malicious URL or page under their control. Note: The XSS will only trigger for the...