8766 matches found
CVE-2019-15779
The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete...
Input validation
The CVE-2019-15779 entry concerns the WordPress insta-gallery plugin prior to version 2.4.8, which has no nonce validation for qligg_dismiss_notice or qligg_form_item_delete. Per the sources, the lack of CSRF/authorization checks could allow unauthorized actions, including potential ...
CVE-2019-15770
The woo-address-book plugin before 1.6.0 for WordPress has save calls without nonce verification checks...
Design/Logic Flaw
CVE-2019-15650
The stops-core-theme-and-plugin-updates plugin before 8.0.5 for WordPress has insufficient restrictions on option changes such as disabling unattended theme updates because of a nonce check error...
Design/Logic Flaw
CVE-2019-15650 affects the WordPress plugin stops-core-theme-and-plugin-updates prior to version 8.0.5. Root cause per the sources: a nonce check error yields insufficient restrictions on option changes (e.g., disabling unattended theme updates). Impact described in the documents is the ability t...
CVE-2019-15319
The option-tree plugin before 2.7.0 for WordPress has Object Injection by leveraging a valid nonce...
Code injection
CVE-2019-15319 concerns the WordPress plugin OptionTree, vulnerable before version 2.7.0. The issue is PHP Object Injection enabled by leveraging a valid nonce, as described in multiple sources (NVD entry and vendor/WP listings). Impact details in the NVD metrics show high/critical severity (CVSS...
Johnson Controls Metasys
1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls Equipment: Metasys Vulnerabilities: Reusing a Nonce, Key Pair in Encryption; Use of Hard-coded Cryptographic Key 2. RISK EVALUATION Successful exploitation of these vulnerabilities could be leveraged by an...
WordPress Download Manager 2.5 Cross Site Request Forgery
Exploit Title: CSRF vulnerabilities in WordPress Download Manager Plugin 2.5 Google Dork: inurl:"/wp-content/plugins/download-manager Date: 24 may, 2019 Exploit Author: Princy Edward Exploit Author Blog : https://prinyedward.blogspot.com/ Vendor Homepage: https://www.wpdownloadmanager.com/ Softwa...