CVE-2022-1912 Button Widget Smartsoft <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
The Button Widget Smartsoft plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation on the smartsoftbuttonsettings page. This makes it possible for unauthenticated attackers to update the plugin's settings an...
CVE-2022-2435 AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2223 Image Slider <= 1.1.121 - Cross-Site Request Forgery to Post Duplication
The WordPress plugin Image Slider is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1.121 due to failure to properly check for the existence of a nonce in the function ewicduplicateslider. This makes it possible for unauthenticated attackers to duplicate existing posts...
CVE-2022-2108 Wbcom Designs – BuddyPress Group Reviews <= 2.8.3 - Unauthorized AJAX Actions due to Nonce Bypass
The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it...
Authentication Bypass
packbackbooks/lti-1p3-tool is vulnerable to authentication bypass. The vulnerability exists because the checkNonce function of ImsCache.php does not properly validate the nonce values sent by authentication requests...
PT-2022-14256 · WordPress · Dx Share Selection
Name of the Vulnerable Software and Affected Versions: DX Share Selection plugin for WordPress versions up to, and including 1.4 Description: The issue is due to missing nonce protection on the dxss admin page function found in the /dx-share-selection.php file, making it possible for...
PT-2022-16633
Name of the Vulnerable Software and Affected Versions AnyMind Widget plugin for WordPress versions up to, and including 1.1 Description The issue is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for...
PT-2022-14615 · WordPress · Free Live Chat Support
Name of the Vulnerable Software and Affected Versions: Free Live Chat Support plugin for WordPress versions up to, and including 1.0.11 Description: The issue is due to missing nonce protection on the livesupporti settings function found in the /livesupporti.php file. This allows unauthenticated...
PT-2022-16691 · WordPress · Freemind Wp Browser
Name of the Vulnerable Software and Affected Versions: FreeMind WP Browser plugin for WordPress versions up to, and including 1.2 Description: The issue is due to missing nonce protection on the FreemindOptions function found in the /freemind-wp-browser.php file. This allows unauthenticated...
PT-2022-15296 · Unknown · Image Slider
Name of the Vulnerable Software and Affected Versions: Image Slider versions up to, and including 1.1.121 Description: The issue arises from a failure to properly check for the existence of a nonce in the ewic duplicate slider function, making it possible for unauthenticated attackers to duplicat...
PT-2022-14861 · Wbcom Designs · Buddypress Group Reviews
Name of the Vulnerable Software and Affected Versions: Wbcom Designs – BuddyPress Group Reviews for WordPress versions up to, and including, 2.8.3 Description: The issue allows unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in...
PT-2022-15298 · Gallery · Gallery
Name of the Vulnerable Software and Affected Versions: Gallery for Social Photo versions up to, and including 1.0.0.27 Description: The issue is related to Cross-Site Request Forgery due to the failure to properly check for the existence of a nonce in the gifeed duplicate feed function. This allo...
PT-2022-14189 · WordPress · Button Widget Smartsoft
Name of the Vulnerable Software and Affected Versions: The Button Widget Smartsoft plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is due to missing nonce validation on the smartsoftbutton settings page, making it possible for unauthenticated attackers to update t...
GHSA-5P73-QG2V-383H LTI 1.3 Tool Library's Nonce Claim Value not validated against nonce value sent in Authentication Request before v5.0
Impact Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Patches Users should upgrade to version 5.0 immediately Workarounds None...
GHSA-768M-5W34-2XF5 LTI 1.3 Tool Library's function used to generate random nonces not sufficiently cryptographically complex before v5.0
Impact The function used to generate random nonces was not sufficiently cryptographically complex. As a result values may be predictable and tokens may be forgeable. Patches Users should upgrade to version 5.0 immediately Workarounds None...
CVE-2022-31158
LTI 1.3 Tool Library is a library used for building IMS-certified LTI 1.3 tool providers in PHP. Prior to version 5.0, the Nonce Claim Value was not being validated against the nonce value sent in the Authentication Request. Users should upgrade to version 5.0 to receive a patch. There are...