CVE-2021-24218 Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion

The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...

WordPress插件 跨站请求伪造漏洞

WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress Plugin is a WordPress open source application plugin . Cross-site request forgery vulnerability exists in the...

GHSA-W3HJ-WR2Q-X83G Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

Discovery uses the same AES/GCM Nonce throughout the session

Discovery uses the same AES/GCM Nonce throughout the session though it should be generated on per message basis which can lead to the leaking of the session key. As the actual ENR record is signed with a different key it is not possible for an attacker to alter the ENR record. Note that the node...

PT-2021-24354 · Consensys · Consensys Discovery

Name of the Vulnerable Software and Affected Versions: Consensys Discovery versions less than 0.4.5 Description: The issue arises from Consensys Discovery using the same AES/GCM nonce for the entire session, which should ideally be unique for every message. This can lead to the leaking of the...

CVE-2021-24163

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

Cross site request forgery (csrf)

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into...

Design/Logic Flaw

The AJAX action, wpajaxninjaformssendwpremoteinstallhandler, did not have a capability check on it, nor did it have any nonce protection, therefore making it possible for low-level users, such as subscribers, to install and activate the SendWP Ninja Forms Contact Form – The Drag and Drop Form...

CVE-2021-24159 Contact Form 7 Style <= 3.1.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting

Due to the lack of sanitization and lack of nonce protection on the custom CSS feature, an attacker could craft a request to inject malicious JavaScript on a site using the Contact Form 7 Style WordPress plugin through 3.1.9. If an attacker successfully tricked a site’s administrator into clickin...

CVE-2021-24163

The CVE-2021-24163 issue affects the WordPress plugin Ninja Forms (The Drag and Drop Form Builder) prior to version 3.4.34. The vulnerability is in the AJAX action wp_ajax_ninja_forms_sendwp_remote_install_handler, which lacks capability checks and nonce protection, enabling low-privilege users (...

CVE-2021-24159

CVE-2021-24159 affects the WordPress plugin “Contact Form 7 Style” up to version 3.1.9. The issue stems from a lack of sanitization and nonce protection on the plugin’s custom CSS feature, enabling a CSRF attack that can cause the CSS settings to inject malicious JavaScript into a site. Exploitat...

CVE-2021-24166

Affected software: WordPress plugin Ninja Forms – Drag and Drop Form Builder. Vulnerability: CSRF to OAuth service disconnection in wp_ajax_nf_oauth_disconnect due to no nonce protection in versions before 3.4.34. Impact: unauthorized user can craft requests to disconnect a site’s OAuth connectio...

The vulnerability of the Squid proxy server’s nonce digest authentication mechanism, related to integer overflow of the value, allows attackers to gain access to confidential data, compromise its integrity, and cause service failures.

The vulnerability of the Squid proxy server’s nonce digest authentication mechanism is related to a numerical overflow of values. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...

Facebook for WordPress 3.0.0-3.0.3 - CSRF to Stored XSS and Settings Deletion

The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the plugin were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved. PoC CSRF to XSS CSRF to Delete settings...

PT-2021-3982 · WordPress · Woocommerce Stock Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Stock Manager versions up to, and including, 2.5.7 Description: The issue is related to the implementation of the import/export functionality in the WooCommerce Stock Manager plugin for WordPress, specifically in the...

Cross-site Scripting (XSS)

pki-core is vulnerable to cross-site scripting XSS. An attacker could inject a specially crafted value that will be executed on the victim's browser if an attacker has a valid nonce...

Oracle Linux 8 : nss (ELSA-2021-0538)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-0538 advisory. - CVE-2020-12403 chacha-poly issues - CVE-2020-12400 constant time ECC. - CVE-2020-6829 constant time ECC. Tenable has extracted the preceding...

Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead ...

Custom Banners < 3.3 - CSRF Nonce Bypass in saveCustomFields

The plugin did not properly check the CSRF nonce in the saveCustomFields method, which could allow attackers to make a logged in user with the editpost capability to save custom fields in a post. Numerous sanitisation fixes were also added to v3.3 PoC Send a request without the...

eCommerce Product Catalog < 3.0.18 - CSRF Nonce Bypass

The plugin did not properly check the CSRF nonce in the icorders.save function, which could allow attackers to make a logged in user with the editdigitalorder capability save arbitrary digital orders...