8777 matches found
Cache Images < 3.2.1 - Image Upload / Import via CSRF
The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. PoC Allows import of any images with any user level...
GHSA-W3VW-CCC5-QR8V Use After Free in Context::start_auth_session
Impact This issue only applies to applications starting authorization sessions using an explicit initial nonce. When Context::startauthsession was called with a nonce argument value of Some..., the nonce pointer passed down through FFI to EsysStartAuthSession would be a dangling pointer, left ove...
Use After Free in Context::start_auth_session
Impact This issue only applies to applications starting authorization sessions using an explicit initial nonce. When Context::startauthsession was called with a nonce argument value of Some..., the nonce pointer passed down through FFI to EsysStartAuthSession would be a dangling pointer, left ove...
PT-2022-3259 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions 0.11.0 through 2.4.0 Argo CD versions 2.1.0 through 2.1.15 Argo CD versions 2.2.0 through 2.2.9 Argo CD versions 2.3.0 through 2.3.4 Description: The issue is related to the use of insufficiently random values in parameters i...
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...
CVE-2022-1969
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
CVE-2022-1749
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...
Cross site request forgery (csrf)
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...
Cross site request forgery (csrf)
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
CVE-2022-1969 Mobile browser color select <= 1.0.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the adminupdatedata function. This makes it possible for unauthenticated attackers to inject malicious...
CVE-2022-1918
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
CVE-2022-1777
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
CVE-2022-1761
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more...
Cross site request forgery (csrf)
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web...
Cross site request forgery (csrf)
The Peter’s Collaboration E-mails WordPress plugin through 2.2.0 is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more...
Code injection
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...
Cross site request forgery (csrf)
The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugintoolbarcomparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject...
CVE-2022-1749 WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...