CVE-2022-1749 WPMK Ajax Finder <= 1.0.1 - Cross-Site Request Forgery to Cross-Site Scripting

The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createpluginatfadminsettingpage function found in the /inc/config/create-plugin-config.php file due to a missing nonce check which allows attackers to inject arbitrary web scripts, in versions up to and...

CVE-2022-1900 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web...

CVE-2022-1900 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting

The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web...

CVE-2022-1777 Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload...

CVE-2022-1777

CVE-2022-1777 affects the WordPress Filr plugin (prior to 1.2.2.1). Two AJAX actions (upload_file, delete_file) lack proper authorization checks; nonce-based protection is exposed via dashboard, enabling any authenticated user (e.g., subscriber) to upload arbitrary HTML files and delete files. Re...

PT-2022-14083

Name of the Vulnerable Software and Affected Versions WPMK Ajax Finder WordPress plugin versions up to and including 1.0.1 Description The issue is related to Cross-Site Request Forgery, which occurs due to a missing nonce check in the createplugin atf admin setting page function found in the...

PT-2022-14227 · WordPress · Mobile Browser Color Select Plugin

Name of the Vulnerable Software and Affected Versions: Mobile browser color select plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is due to missing or incorrect nonce validation on the admin update data function, making it possible for unauthenticated attackers t...

PT-2022-14194 · WordPress · Toolbar To Share

Name of the Vulnerable Software and Affected Versions: ToolBar to Share plugin for WordPress versions up to, and including, 2.0 Description: The issue is due to missing nonce validation on the plugin toolbar comparte page, making it possible for unauthenticated attackers to update the plugin's...

PT-2022-14179 · WordPress · Copify

Name of the Vulnerable Software and Affected Versions: Copify plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is due to missing nonce validation on the CopifySettings page, making it possible for unauthenticated attackers to update the plugin's settings and inject...

VulnCheck KEV: CVE-2022-1903

The ARMember WordPress plugin before 3.4.8 is vulnerable to account takeover even the administrator due to missing nonce and authorization checks in an AJAX action available to unauthenticated users, allowing them to change the password of arbitrary users by knowing their username...

Qubely < 1.8.1 - Authenticated Arbitrary Settings Update

The plugin does not have proper authorisation when saving its settings, allowing users with a role as low as subscriber in versions 1.7.9 or contributor in v 1.8.1 to update them As a subscriber Nonce can be taken from the qubelylocalscript-js-extra script on the homepage...

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF...

CVE-2022-1611

The Bulk Page Creator WordPress plugin before 1.1.4 does not protect its page creation functionalities with nonce checks, which makes them vulnerable to CSRF...

WP-Email < 2.69.0 - Log Deletion via CSRF

The plugin does not protect its log deletion functionality with nonce checks, allowing attacker to make a logged in admin delete logs via a CSRF attack PoC...

Events Made Easy < 2.2.81 - Unauthenticated SQLi

The plugin does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Obtain a valid nonce visit the "Events" page, default is /events/, and extract it from the source while looking for...

Peter’s Collaboration E-mails <= 2.2.0 - Arbitrary Settings Update via CSRF

The plugin is vulnerable to CSRF due to missing nonce checks. This allows the change of its settings, which can be used to lower the required user level, change texts, the used email address and more. PoC...

Filr - Secure Document Library < 1.2.2.1 - Subscriber+ AJAX Calls

The plugin does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber. They are are protected with a nonce, however the nonce is leaked on the dashboard. This could allow them to upload arbitrary HTML files as well as...

GHSA-RV8H-P43R-4X5R SimpleGeo python-oauth2 vulnerable to the use of Insufficiently Random Values to generate nonces

The 1 makenonce, 2 generatenonce, and 3 generateverifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess the nonce via a brute force attack...

SimpleGeo python-oauth2 does not check the nonce allowing replay attacks

The Server.verifyrequest function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. The vulnerability does not appear to be patched according to the following discussion...

Silicon Labs Z-Wave 500 系列输入验证错误漏洞

Silicon Labs Z-Wave Chipsets are a type of chipset in the smart home ecosystem from Silicon Labs, USA. A security vulnerability exists in the Silicon Labs Z-Wave 500 series that stems from a denial of service DoS in the Z-Wave S0 NonceGet protocol specification, which can be exploited by an...