VulnCheck KEV: CVE-2021-42359

WP DSGVO Tools GDPR = 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to...

CVE-2021-39333

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

Hardcoded credentials

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVE-2021-39333 Hashthemes Demo Importer <= 1.1.1 Improper Access Control Allowing Content Deletion

The Hashthemes Demo Importer Plugin = 1.1.1 for WordPress contained several AJAX functions which relied on a nonce which was visible to all logged-in users for access control, allowing them to execute a function that truncated nearly all database tables and removed the contents of...

CVE-2021-39333

CVE-2021-39333 : The Hashthemes Demo Importer Plugin for WordPress (versions

CVE-2021-24742

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check...

CVE-2021-24742

The Logo Slider and Showcase WordPress plugin before 1.3.37 allows Editor users to update the plugin's settings via the rtWLSSettings AJAX action because it uses a nonce for authorisation instead of a capability check...

CVE-2021-24685

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

Cross site scripting

The Flat Preloader WordPress plugin before 1.5.4 does not enforce nonce checks when saving its settings, as well as does not sanitise and escape them, which could allow attackers to a make logged in admin change them with a Cross-Site Scripting payload triggered either in the frontend or backend...

CVE-2021-24742

The CVE-2021-24742 issue affects the WordPress plugin Logo Slider and Showcase (versions before 1.3.37). The underlying root cause is an authorization flaw: rtWLSSettings is protected by a nonce instead of a proper capability check, allowing Editor users to update plugin settings via an AJAX acti...

PT-2021-16195 · WordPress · Flat Preloader

Name of the Vulnerable Software and Affected Versions: Flat Preloader WordPress plugin versions prior to 1.5.4 Description: The issue arises from the lack of nonce checks when saving settings and the failure to sanitise and escape them, which could allow attackers to make logged-in admins change...

Microsoft OMI Management Interface Authentication Bypass Exploit

By removing the authentication header, an attacker can issue an HTTP request to the OMI management endpoint that will cause it to execute an operating system command as the root user. This vulnerability was patched in OMI version 1.6.8-1 released September 8th 2021. This module requires Metasploi...

MAZ Loader < 1.4.1 - Arbitrary Loader Deletion via CSRF

The plugin does not enforce nonce checks, which allows attackers to make administrators delete arbitrary loaders via a CSRF attack The vendor has been notified on August 24th, 2021, as well as escalated to the WP plugins team 3 times, no fix was made despite two new versions being released. PoC...

CLSA-2021-1634922624 Fixed CVE-2020-35452 in httpd

CVE-2020-35452: fix stack overflow in modauthdigest due to crafted digest nonce...

CVE-2021-24735

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

Cross site request forgery (csrf)

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

CVE-2021-24735 Compact WP Audio Player < 1.9.7 - Setting Change via CSRF

The Compact WP Audio Player WordPress plugin before 1.9.7 does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack...

Signature replay attacks for different identities (nonce on wrong party)

Handle cmichel Vulnerability details A single QuickAccount can serve as the "privilege" for multiple identities, see the comment in QuickAccManager.sol: NOTE: a single accHash can control multiple identities, as long as those identities set it's hash in privilegesaddressthis. this is by design If...

Colorful Categories < 2.0.15 - Arbitrary Colors Update via CSRF

The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor change taxonomy colors via a CSRF attack PoC...

CLSA-2021-1633601543 Fix of CVE: CVE-2020-35452

CVE-2020-35452: fix stack overflow in modauthdigest due to crafted digest nonce...