Lucene search

8777 matches found

OpenVAS | added 2022/05/06 12:00 a.m. | 16 views

WordPress Responsive Menu Plugin < 4.1.8 Information Disclosure Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2022 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:expresstech:responsivemenu"; if(description)...

CVSS 8.8 | AI score 8.8 | EPSS 0.01262
Exploits: 0 | References: 1
wpexploit | added 2022/04/13 12:00 a.m. | 255 views

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin lacks a capability check in a function hooked to admin_init (introduced in v3.6.0) and relies only on a CSRF check. As the nonce is available to any authenticated user, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

CVSS 8.8 | EPSS 0.92943
Exploits: 10 | References: 2
WPVulnDB | added 2022/04/13 12:00 a.m. | 132 views

Elementor 3.6.0-3.6.2 - Subscriber+ Arbitrary File Upload

The plugin lacks a capability check in a function hooked to admin_init (introduced in v3.6.0) and relies only on a CSRF check. As the nonce is available to any authenticated user, they could call it and upload a malicious zip archive containing arbitrary files via a subsequent call, leading to...

CVSS 8.8 | AI score 0.5 | EPSS 0.92943
Exploits: 10 | References: 2 | Affected Software: 1
ATTACKERKB | added 2022/04/12 12:15 p.m. | 5 views

CVE-2022-0141

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks...

CVSS 8.1 | AI score 7.6 | EPSS 0.00459
Exploits: 1 | References: 3
NVD | added 2022/04/12 12:15 p.m. | 24 views

CVE-2022-0141

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks...

CVSS 8.1 | EPSS 0.00459
Exploits: 1 | References: 2
OSV | added 2022/04/12 12:15 p.m. | 3 views

CVE-2022-0141

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks...

CVSS 8.1 | AI score 5.9 | EPSS 0.00459
Exploits: 1 | References: 2
Prion | added 2022/04/12 12:15 p.m. | 14 views

Cross-site request forgery (CSRF)

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks...

CVSS 5.8 | AI score 8 | EPSS 0.00459
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist | added 2022/04/12 11:15 a.m. | 24 views

CVE-2022-0141 Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks...

AI score 8.2 | EPSS 0.00459
Exploits: 1 | References: 2
ATTACKERKB | added 2022/04/11 7:15 p.m. | 3 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren't using SecureRandom implementations...

CVSS 4 | AI score 5.8 | EPSS 0.00596
Exploits: 0 | References: 3 | Affected Software: 1
NVD | added 2022/04/11 7:15 p.m. | 25 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren't using SecureRandom implementations...

CVSS 4 | EPSS 0.00596
Exploits: 0 | References: 2
OSV | added 2022/04/11 7:15 p.m. | 18 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren't using SecureRandom implementations...

CVSS 2.7 | AI score 7
Exploits: 0 | References: 2
Prion | added 2022/04/11 7:15 p.m. | 19 views

Design/Logic Flaw

In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren't using SecureRandom implementations...

CVSS 4 | AI score 4.2 | EPSS 0.00596
Exploits: 0 | References: 2 | Affected Software: 1
CVE | added 2022/04/11 6:12 p.m. | 78 views

CVE-2022-29035

JetBrains Ktor Native prior to version 2.0.0 is affected by a weakness in nonce generation where random values were not produced using SecureRandom. The connected documents confirm the root cause but do not provide detailed vulnerability specifics or explicit remediation beyond the product versio...

CVSS 4 | AI score 4.1 | EPSS 0.00596
Exploits: 0 | References: 2 | Affected Software: 1
Cvelist | added 2022/04/11 6:12 p.m. | 21 views

CVE-2022-29035

In JetBrains Ktor Native before version 2.0.0, random values used for nonce generation weren't using SecureRandom implementations...

CVSS 3.3 | AI score 4.5 | EPSS 0.00596
Exploits: 0 | References: 2
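The Ktor entries above name the flaw class (nonces drawn from a PRNG that is not a CSPRNG) but not the code, and Ktor is Kotlin. The block below is an added example for this page, not JetBrains' code: it shows the same flaw and its fix in PHP, the language of the WordPress entries that make up the rest of this listing. Function names are invented.

```php
<?php
// Added example (not JetBrains' code): a nonce from a non-cryptographic PRNG
// versus one from the operating-system CSPRNG. Function names are invented.

// Insecure: mt_rand() is a Mersenne Twister. Its entire output stream is
// determined by a 32-bit seed, and PHP seeds it automatically if the caller
// does not. The seed space is small enough to brute-force from a few
// observed outputs, and a caller that seeds explicitly makes it trivial.
function demo_nonce_insecure( int $bytes = 16 ): string {
    $out = '';
    for ( $i = 0; $i < $bytes; $i++ ) {
        $out .= chr( mt_rand( 0, 255 ) );
    }
    return bin2hex( $out );
}

// Secure: random_bytes() reads the OS CSPRNG (getrandom(2), /dev/urandom or
// the Windows equivalent) and throws on failure instead of falling back to
// something weaker.
function demo_nonce_secure( int $bytes = 16 ): string {
    return bin2hex( random_bytes( $bytes ) );
}

// What "not SecureRandom" buys an attacker: whoever knows (or brute-forces)
// the seed reproduces every nonce the server has handed out, so the nonce no
// longer proves anything about who generated it or when.
function demo_seed_reproduces_nonce( int $seed ): bool {
    mt_srand( $seed );
    $issued_by_server = demo_nonce_insecure();
    mt_srand( $seed );
    $computed_by_attacker = demo_nonce_insecure();
    return hash_equals( $issued_by_server, $computed_by_attacker );
}

// Verifying a presented nonce: compare with hash_equals() so the comparison
// does not leak how many leading bytes matched.
function demo_nonce_matches( string $expected, string $presented ): bool {
    return hash_equals( $expected, $presented );
}

var_dump( demo_seed_reproduces_nonce( 1337 ) );            // same seed, same nonce
var_dump( demo_nonce_secure() === demo_nonce_secure() );    // no seed to replay
```

The practical check when reviewing a code base for this class is to grep for the language's non-cryptographic generators (here mt_rand, rand, uniqid, lcg_value) anywhere a value is later used as a nonce, token, session id or IV, and replace them with the CSPRNG call; the output format (hex, base64) is irrelevant to the weakness.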
Code423n4 | added 2022/04/11 12:00 a.m. | 9 views

_execute can potentially reorder a batch of commands while executing, breaking any assumptions on command orders.

Lines of code; Vulnerability details; Impact: Since this is important, we quote it again instead of referring to our other bug report on a different, yet related bug. The context within which a command is executed is extremely important. AxelarGatewayMultisig.execute takes a signed batch of commands...

AI score 7.4
Exploits: 0
WPVulnDB | added 2022/04/11 12:00 a.m. | 23 views

Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF

The plugin does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor delete and restore arbitrary form entries via CSRF attacks. PoC: Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries=trash=2 Single entry permanent deletion:...

CVSS 8.1 | AI score 1.8 | EPSS 0.00459
Exploits: 1 | References: 1 | Affected Software: 1
WPVulnDB | added 2022/04/11 12:00 a.m. | 29 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default Contributor and above) to perform SSRF attacks. PoC: As an authenticated user with the edit_posts capability, get the REST nonce via...

CVSS 8.8 | AI score 3 | EPSS 0.01413
Exploits: 2 | Affected Software: 1
wpexploit | added 2022/04/11 12:00 a.m. | 128 views

HubSpot < 8.8.15 - Contributor+ Blind SSRF

The plugin does not validate the proxy URL given to the proxy REST endpoint, which could allow users with the edit_posts capability (by default Contributor and above) to perform SSRF attacks. As an authenticated user with the edit_posts capability, get the REST nonce via...

CVSS 8.8 | AI score 1.1 | EPSS 0.01413
Exploits: 2
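The two HubSpot entries above describe a REST proxy that fetched whatever URL it was given, reachable by anyone holding edit_posts. Two independent controls are missing: a permission_callback that checks a capability appropriate to "make the server issue outbound requests" (the X-WP-Nonce header the PoC obtains is something every logged-in user can get, and it only proves the request came from the site's own JavaScript), and validation of the target URL against an allowlist before the server fetches it. The block below is an added example written for this page, not the HubSpot plugin's code; the route namespace, the allowed host, the capability and the response shape are assumptions.

```php
<?php
// Added example (not the HubSpot plugin's code): a REST proxy endpoint with
// an authorisation check and a host allowlist. Namespace, allowed host and
// capability are invented for illustration.

const DEMO_PROXY_ALLOWED_HOSTS = array( 'api.example.com' ); // constructed allowlist

/**
 * True only for an absolute http(s) URL whose host is exactly on the allowlist.
 * Matching on the parsed host, not a substring, rejects
 * https://api.example.com.attacker.net/ and https://api.example.com@10.0.0.1/ .
 */
function demo_proxy_url_is_allowed( string $url ): bool {
    $parts = wp_parse_url( $url );
    if ( ! is_array( $parts ) || empty( $parts['host'] ) ) {
        return false;
    }
    if ( ! in_array( strtolower( $parts['scheme'] ?? '' ), array( 'http', 'https' ), true ) ) {
        return false; // no file://, gopher://, etc.
    }
    if ( isset( $parts['user'] ) || isset( $parts['pass'] ) ) {
        return false; // credentials in the URL are never legitimate here
    }
    return in_array( strtolower( $parts['host'] ), DEMO_PROXY_ALLOWED_HOSTS, true );
}

function demo_proxy_handler( WP_REST_Request $request ) {
    $url = (string) $request->get_param( 'url' );
    if ( ! demo_proxy_url_is_allowed( $url ) ) {
        return new WP_Error( 'demo_bad_url', 'URL not allowed', array( 'status' => 400 ) );
    }
    $response = wp_remote_get( $url, array(
        'timeout'            => 5,
        'redirection'        => 0,     // an allowed host must not 302 us to an internal address
        'reject_unsafe_urls' => true,  // wp_http_validate_url(): refuses private/loopback IPv4 targets
    ) );
    if ( is_wp_error( $response ) ) {
        return new WP_Error( 'demo_upstream', 'upstream request failed', array( 'status' => 502 ) );
    }
    // Return only what the feature needs; echoing the whole body turns a blind
    // SSRF into a full read primitive if the allowlist is ever loosened.
    return rest_ensure_response( array(
        'status' => wp_remote_retrieve_response_code( $response ),
    ) );
}

add_action( 'rest_api_init', function () {
    register_rest_route( 'demo/v1', '/proxy', array(
        'methods'             => 'POST',
        'callback'            => 'demo_proxy_handler',
        // Authorisation lives here. The REST nonce is CSRF protection only;
        // without this callback the route is open to every logged-in user.
        'permission_callback' => function () {
            return current_user_can( 'manage_options' );
        },
        'args'                => array(
            'url' => array( 'required' => true, 'type' => 'string' ),
        ),
    ) );
} );
```

Two caveats a reviewer would raise: 'reject_unsafe_urls' resolves the host at validation time, so a host that later resolves to an internal address (DNS rebinding) still needs the allowlist, and WordPress's check covers IPv4 private ranges but not every IPv6 form; the allowlist is the control that actually bounds where the server will connect, the other settings are defence in depth.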
Veracode | added 2022/04/04 2:40 a.m. | 24 views

Denial Of Service (DoS)

Asterisk is vulnerable to denial of service. The vulnerability exists due to an infinite loop when the system is challenged on an outbound INVITE and the nonce is changed in each response...

CVSS 6.5 | AI score 2.4 | EPSS 0.0154
Exploits: 0 | References: 5 | Affected Software: 1
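The Asterisk entry above describes the client side of digest authentication re-sending a request every time a 401 arrives carrying a new nonce, with no bound, so a peer that rotates the nonce on every reply keeps it busy forever. The block below is an added example, not Asterisk's code: a simulated challenger with that behaviour, a well-behaved one that issues a single stale-nonce challenge, and a retry loop that caps how many challenges it will answer. Message shapes, function names and the cap value are assumptions.

```php
<?php
// Added example (not Asterisk's code): bounding re-authentication on 401.
// All message shapes are constructed for illustration.

// Simulated peer that never accepts and rotates the nonce on every reply:
// the behaviour the Asterisk entry describes as triggering an infinite loop.
function demo_hostile_challenger(): Closure {
    $n = 0;
    return function ( array $request ) use ( &$n ): array {
        $n++;
        return array( 'status' => 401, 'nonce' => 'nonce-' . $n );
    };
}

// Simulated well-behaved peer: one challenge, then accepts the retry that
// carries the nonce it issued. This is the legitimate "stale nonce" case the
// client must still handle after the fix.
function demo_stale_once_challenger(): Closure {
    $issued = null;
    return function ( array $request ) use ( &$issued ): array {
        if ( $issued === null ) {
            $issued = 'nonce-fresh';
            return array( 'status' => 401, 'nonce' => $issued );
        }
        return ( $request['nonce'] === $issued )
            ? array( 'status' => 200, 'nonce' => $issued )
            : array( 'status' => 401, 'nonce' => $issued );
    };
}

// Send an INVITE and answer 401 challenges with the new nonce, but only
// $max_challenges times. Returns the final status and how many challenges
// were answered. Removing the counter (answer every 401 unconditionally)
// reproduces the unbounded loop against demo_hostile_challenger().
function demo_send_invite( Closure $send, int $max_challenges = 2 ): array {
    $request    = array( 'method' => 'INVITE', 'nonce' => null );
    $challenges = 0;
    while ( true ) {
        $response = $send( $request );
        if ( $response['status'] !== 401 ) {
            return array( 'status' => $response['status'], 'challenges' => $challenges );
        }
        if ( $challenges >= $max_challenges ) {
            // Repeated challenges are an authentication failure, not a reason
            // to keep re-signing with whatever nonce the peer sends next.
            return array( 'status' => 'auth_failed', 'challenges' => $challenges );
        }
        $challenges++;
        $request['nonce'] = $response['nonce'];
    }
}

print_r( demo_send_invite( demo_hostile_challenger() ) );     // gives up after 2 challenges
print_r( demo_send_invite( demo_stale_once_challenger() ) );  // succeeds after 1
```

The cap is deliberately small: HTTP and SIP digest only provide for a single retry when the server marks the previous nonce as stale, so anything beyond one or two re-challenges from the same peer for the same request is a failure to report, not a condition to wait out.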
wpexploit | added 2022/04/02 12:00 a.m. | 65 views

Quick Adsense < 2.8.2 - Subscriber+ Post Stats Reset

The plugin does not have authorisation and CSRF checks in some of its AJAX actions, allowing any authenticated users, such as subscribers, to call them and reset post stats, for example: fetch("/wp-admin/admin-ajax.php", { "headers": { "accept": "*/*", "accept-language": "en-US,en;q=0.9", "content-type":...

AI score 1.3
Exploits: 0
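The Elementor, Visual Form Builder and Quick Adsense entries above are three outcomes of the same two-check rule for a WordPress action handler: a nonce check defeats CSRF, a capability check enforces authorisation, and neither substitutes for the other. Quick Adsense and Visual Form Builder had neither; Elementor had the nonce but not the capability, which is why a Subscriber (who can obtain a nonce from any page that emits it) could still reach the upload. The block below is an added example written for this page, not code from any of those plugins; the action names, meta key and capabilities are invented for illustration.

```php
<?php
// Added example (not code from Elementor, Visual Form Builder or Quick
// Adsense): the same handler with no checks, with a nonce only, and with
// nonce plus capability. Action names, meta key and capabilities are invented.

// (1) Neither check (the Quick Adsense / Visual Form Builder pattern).
// admin-ajax.php only needs a logged-in session cookie, so a Subscriber calls
// this directly with fetch(), and any site a logged-in admin visits calls it
// for them via CSRF. Shown for contrast; never register a handler like this.
function demo_reset_stats_unchecked() {
    $post_id = (int) ( $_POST['post_id'] ?? 0 );
    delete_post_meta( $post_id, '_demo_view_count' );
    wp_send_json_success();
}

// (2) Nonce only (the Elementor pattern). check_ajax_referer() stops the
// cross-site case, but a nonce is a CSRF token, not an authorisation token:
// every logged-in user who loads a page where wp_create_nonce()/
// wp_nonce_field() emitted it holds a valid one, so a Subscriber still gets in.
function demo_reset_stats_nonce_only() {
    check_ajax_referer( 'demo_reset_stats', 'nonce' ); // dies with -1 on failure
    $post_id = (int) ( $_POST['post_id'] ?? 0 );
    delete_post_meta( $post_id, '_demo_view_count' );
    wp_send_json_success();
}

// (3) Hardened: nonce (anti-CSRF) and capability (authorisation), with the
// capability checked against the specific object rather than a global role.
function demo_reset_stats_hardened() {
    check_ajax_referer( 'demo_reset_stats', 'nonce' );

    $post_id = (int) ( $_POST['post_id'] ?? 0 );
    if ( ! $post_id || ! current_user_can( 'edit_post', $post_id ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    delete_post_meta( $post_id, '_demo_view_count' );
    wp_send_json_success();
}
add_action( 'wp_ajax_demo_reset_stats', 'demo_reset_stats_hardened' );

// The same rule for a non-AJAX action hooked to admin_init (the Elementor
// case): admin_init fires for every logged-in user on every admin page load,
// so the hook itself proves nothing. check_admin_referer() covers CSRF,
// current_user_can() covers who may perform the privileged operation.
function demo_admin_init_upload() {
    if ( ! isset( $_POST['demo_upload_action'] ) ) {
        return;
    }
    check_admin_referer( 'demo_upload_action', 'nonce' );
    if ( ! current_user_can( 'install_plugins' ) ) {
        wp_die( 'forbidden', 403 );
    }
    // ... handle the uploaded archive here ...
}
add_action( 'admin_init', 'demo_admin_init_upload' );
```

When auditing a plugin for this class, list every add_action('wp_ajax_*'), admin_init and admin_post_* hook and confirm each callback makes both calls before it touches state; a nonce check that is present but whose nonce is emitted on a page readable by low-privilege users is the Elementor case, and reads as safe only until someone asks who can obtain the nonce.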