8769 matches found
Cross site scripting
The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting XSS in the 'hotjar script' textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users...
CVE-2021-24278
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
CVE-2021-24278
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
Design/Logic Flaw
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
CVE-2021-24278 Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
In the Redirection for Contact Form 7 WordPress plugin before 2.3.4, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function...
WordPress plugin 安全漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. An improper access control vulnerability exists in WordPress Redirection for Contact Form 7 Plugin...
Hotjar Connecticator <= 1.1.1 - Authenticated Stored Cross-Site Scripting (XSS)
The plugin was vulnerable to Stored Cross-Site Scripting XSS in the "hotjar script" textarea. The request did include a CSRF nonce that was properly verified by the server and this vulnerability could only be exploited by administrator users. PoC Step 1: Install and activate the plugin "Hotjar...
Download Manager < 3.1.23 - Unauthorised Asset Manager Usage
The majority of the AJAX actions related to the Asset Manager use the same nonce action ie the NONCEKEY constant, and are lacking any authorisation checks. Given that the nonce is available in other pages, accessible by low priviledge users such as author, or even subscribers depending on the...
The randomIndex() can be determined
Handle s1m0 Vulnerability details Impact The function randomIndex is used to choose which id to mint theoretically randomly. The index can be computed with a smartContract by giving him through arguments the internal/private variables numTokens and nonce gotten with getStorageAt. Note there is al...
nonce always remains 0
Handle paulius.eth Vulnerability details Impact a nonce is not actually incremented: nonce.add1; the new value is not assigned to the variable so nonce always remains 0 and has no impact on random generation. Recommended Mitigation Steps Should be: nonce = nonce.add1; --- The text was updated...
randomIndex is not truly random - possibility of predictably minting a specific token Id
Handle @GalloDaSballo Vulnerability details Impact Detailed description of the impact of this finding. randomIndex: Is not random Any miner has access to these values uint index = uintkeccak256abi.encodePackednonce, msg.sender, block.difficulty, block.timestamp % totalSize; Non miner attackers...
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
WordPress Redirection for Contact Form 7 plugin <= 2.3.3 - Unauthenticated Arbitrary Nonce Generation vulnerability
Unauthenticated Arbitrary Nonce Generation vulnerability discovered by WordFence in WordPress Redirection for Contact Form 7 plugin versions = 2.3.3. Solution Update the WordPress Redirection for Contact Form 7 plugin to the latest available version at least 2.3.4...
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
In the plugin, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. PoC 'wpcf7rgetnonce', 'param' = 'ANY ACTION HERE' ; $output = curlexec$ch; curlclose$ch; printr$output; ?...
Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation
In the plugin, unauthenticated users can use the wpcf7rgetnonce AJAX action to retrieve a valid nonce for any WordPress action/function. 'wpcf7rgetnonce', 'param' = 'ANY ACTION HERE' ; $output = curlexec$ch; curlclose$ch; printr$output; ?...
Edwiser Bridge < 2.0.7 - CSRF Nonce Bypass
The plugin did not properly verify for CSRF nonces, allowing requests without them to bypass the checks in place. This could allow attackers to make logged in users perform unwanted actions...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Cross-site request forgery vulnerability exists in the...
CVE-2021-24218
The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...
CVE-2021-24218
The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...
Cross site request forgery (csrf)
The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...