12 matches found
EUVD-2020-24197
Malware in sbrugna...
CVE-2020-36756
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
CVE-2023-47807
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through = 1.2.12...
CVE-2023-47807 WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through = 1.2.12...
CVE-2023-47807 WordPress 10WebAnalytics plugin <= 1.2.12 - Broken Access Control vulnerability
Missing Authorization vulnerability in 10Web 10WebAnalytics wd-google-analytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through = 1.2.12...
PT-2025-1548 · 10Web · 10Webanalytics
Name of the Vulnerable Software and Affected Versions: 10WebAnalytics versions 1.2.12 and earlier Description: A Missing Authorization vulnerability exists in 10Web 10WebAnalytics, allowing exploitation of incorrectly configured access control security levels. This issue enables unauthorized acce...
WordPress 10WebAnalytics Plugin <= 1.2.12 is vulnerable to Broken Access Control
Software 10WebAnalytics Type Plugin Vulnerable versions = 1.2.12 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47807 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID a7d2ad869475 Credits Abdi Pranata Required...
CVE-2020-36756
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
Cross site request forgery (csrf)
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
CVE-2020-36756
The CVE-2020-36756 entry describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress 10WebAnalytics plugin up to version 1.2.8. The root cause is missing or incorrect nonce validation in the create_csv_file() function, enabling unauthenticated attackers to forge requests that cau...
CVE-2020-36756 10WebAnalytics <= 1.2.8 - Cross-Site Request Forgery Bypass
The 10WebAnalytics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.8. This is due to missing or incorrect nonce validation on the createcsvfile function. This makes it possible for unauthenticated attackers to create a CSV file via a forged...
WordPress 10WebAnalytics plugin <= 1.2.8 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by Jerome Bruandet NinTechNet in WordPress 10WebAnalytics plugin versions = 1.2.8. Solution Update the WordPress 10WebAnalytics plugin to the latest available version at least 1.2.9...