8771 matches found
CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting
The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ajaxaddform function found in the /includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...
Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting
The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the ajaxaddform function found in the /includes/class-form.php file, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including, 2.1.1...
CVE-2021-24804
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged-in admin change them. Settings such as the HMAC verification secret, account registration and default user roles can be updated, which could result in site...
CVE-2021-24802
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor change taxonomy colors via a CSRF attack...
CVE-2021-24804
CVE-2021-24804 affects the WordPress plugin Simple JWT Login prior to version 3.2.1. The vulnerability is a CSRF/nonce-check bypass in the settings save path, allowing an attacker to make a logged-in administrator's browser modify critical options (e.g., HMAC verification secret, account registration, and default user role...
CVE-2021-24802 Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF
The Colorful Categories WordPress plugin before 2.0.15 does not enforce nonce checks, which could allow attackers to make a logged-in admin or editor change taxonomy colors via a CSRF attack...
CVE-2021-43203
In JetBrains Ktor before 1.6.4, nonce verification during the OAuth2 authentication process is implemented improperly...
CVE-2021-43203
CVE-2021-43203 affects JetBrains Ktor prior to 1.6.4, where nonce verification in the OAuth2 authentication flow is implemented improperly. This can undermine the integrity of the OAuth2 nonce check, exposing an authentication risk as described in multiple sources (Red Hat and CNVD mirrors) and s...
JetBrains Security Bulletin Q3 2021
JetBrains Security Bulletin Q3 2021, by Robert Demmer. In the third quarter of 2021, we resolved a number of security issues in our products. Here's a summary report that contains a description of each issue and the version in which it was resolved. Product | Description | Severity ...
JetBrains Ktor framework authorization issue vulnerability
JetBrains Ktor is a web application framework from JetBrains (Czech Republic). An authorization vulnerability exists in JetBrains Ktor prior to 1.6.4, which stems from improper implementation of nonce verification in the OAuth2 authentication process. No detailed vulnerability details are...
CVE-2021-42359
CVE-2021-42359 affects WordPress WP DSGVO Tools (GDPR) plugin versions
CVE-2021-42359 WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion
WP DSGVO Tools GDPR <= 3.1.23 had an AJAX action, 'admin-dismiss-unsubscribe', which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanentl...
PT-2021-23590
Name of the Vulnerable Software and Affected Versions: WP DSGVO Tools GDPR versions <= 3.1.23. Description: The issue allows an attacker to permanently delete an arbitrary post or page on a site by sending an AJAX request with the "action" parameter set to "admin-dismiss-unsubscribe" and the "id"...