8778 matches found
CVE-2022-40223
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
Authorization
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
CVE-2022-40223 WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
PT-2022-25292 · Searchwp · Searchwp
Name of the Vulnerable Software and Affected Versions: SearchWP premium plugin versions <= 4.2.5 Description: The issue concerns nonce token leakage and missing authorization in the SearchWP premium plugin, allowing unauthorized changes to plugin settings. Recommendations: For SearchWP premium...
WordPress plugin SearchWP premium security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Cross site request forgery (csrf)
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete and modify calendars as well as the...
CVE-2022-3776
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2022-2696
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...
CVE-2022-3852
The VR Calendar plugin for WordPress (versions up to 2.3.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation on several functions. This enables unauthenticated attackers to delete or modify calendars and plugin settings by inducing an admin to perform forged a...
CVE-2022-3852 VR Calendar <= 2.3.3 - Cross-Site Request Forgery
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete and modify calendars as well as the...
Cross site request forgery (csrf)
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
Authorization
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...
CVE-2022-3776 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.1 - Cross-Site Request Forgery
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on several functions called via AJAX actions such as formsaction, setoption...
CVE-2022-2696 Restaurant Menu – Food Ordering System – Table Reservation <= 2.3.0 - Missing Authorization on AJAX Actions
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...