8778 matches found
CVE-2022-2696
The CVE affects the WordPress plugin The Restaurant Menu – Food Ordering System – Table Reservation (versions up to 2.3.0). Root cause: missing capability checks and missing nonce validation in multiple AJAX actions, enabling authorization bypass. Impact: authenticated attackers with minimal priv...
WordPress plugin Restaurant Menu – Food Ordering System – Table Reservation 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Restaurant Menu - Food...
PT-2022-24056 · WordPress · The Restaurant Menu – Food Ordering System – Table Reservation
Name of the Vulnerable Software and Affected Versions: The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including, 2.3.1 Description: The issue is due to missing or incorrect nonce validation on several functions called via AJAX actions, such...
PT-2022-18142
Name of the Vulnerable Software and Affected Versions The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including 2.3.0 Description The issue allows for authorization bypass via several AJAX actions due to missing capability checks and missing...
PT-2022-24435 · WordPress · Vr Calendar
Name of the Vulnerable Software and Affected Versions: VR Calendar plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is due to missing or incorrect nonce validation on several functions, making it possible for unauthenticated attackers to delete and modify calendars...
Exploit for SQL Injection in Reputeinfosystems Bookingpress
CVE-2022-0739 Proof-of-Concept exploit SQLI BookingPress befo...
WordPress demon image annotation cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
Cross site request forgery (csrf)
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
CVE-2022-2864
The demon image annotation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.7. This is due to missing nonce validation in the /includes/settings.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and...
WordPress plugin demon image annotation 跨站请求伪造漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...
PT-2022-19129 · WordPress · Demon Image Annotation Plugin
Name of the Vulnerable Software and Affected Versions: demon image annotation plugin for WordPress versions up to, and including, 4.7 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the /includes/settings.php file. This allows unauthenticated...
Malicious code in safe-nonce-6218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b26fc284064f9aad0b6e5f8e05c9ee3c7d9642783b8431ac1e90a4bcdfc869a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in safe-nonce-7218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e864553aef6b02164be2545e5e92bc8443d5eea8820f88a44a30f84a773c8e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5906 Malicious code in safe-nonce-7218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0e864553aef6b02164be2545e5e92bc8443d5eea8820f88a44a30f84a773c8e4 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-5905 Malicious code in safe-nonce-6218 (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware b26fc284064f9aad0b6e5f8e05c9ee3c7d9642783b8431ac1e90a4bcdfc869a6 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
WordPress plugin LBStopAttack 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...