13 matches found
CVE-2021-29435
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
CVE-2024-29435
An issue discovered in Alldata v0.4.6 allows an attacker to run arbitrary commands via the processId parameter...
CVE-2024-29435
Summary: CVE-2024-29435 affects Alldata v0.4.6, enabling an attacker to execute arbitrary commands via the processId parameter. Affected software: Alldata version 0.4.6. Impact: arbitrary command execution (described as high-risk functionality exposure in multiple sources); CVSS 3.1 base score...
CVE-2023-29435
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions...
CVE-2023-29435 WordPress Cryptocurrency All-in-One Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Zwaply Cryptocurrency All-in-One plugin <= 3.0.19 versions...
CVE-2023-29435
CVE-2023-29435: Auth. (contributor+) Stored Cross-Site Scripting (XSS) in the WordPress plugin “Cryptocurrency All-in-One” (WordPress Cryptocurrency All-in-One Plugin) up to version 3.0.19. Public data confirms the vulnerable component is the plugin; root cause is stored XSS as stated, with an a...
WordPress Cryptocurrency All-in-One Plugin <= 3.0.19 is vulnerable to Cross Site Scripting (XSS)
Software: Cryptocurrency All-in-One; Type: Plugin; Vulnerable versions: <= 3.0.19; Fixed in: N/A; OWASP Top 10: A1: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29435; Patch priority: Low; CVSS severity: Low 6.5; PSID: 156297bb9c33; Credits: Mika; Required privilege...
CVE-2022-29435
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets...
CVE-2022-29435 WordPress Code Snippets Extended plugin <= 1.4.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Alexander Stokmann's Code Snippets Extended plugin <= 1.4.7 on WordPress allows an attacker to delete or to turn on/off snippets...
CVE-2022-29435
CVE-2022-29435 affects the WordPress plugin “Code Snippets Extended” (
CVE-2021-29435 Cross-Site Request Forgery (CSRF) in trestle-auth
trestle-auth is an authentication plugin for the Trestle admin framework. A vulnerability in trestle-auth versions 0.4.0 and 0.4.1 allows an attacker to create a form that will bypass Rails' built-in CSRF protection when submitted by a victim with a trestle-auth admin session. This potentially...
CVE-2021-29435
CVE-2021-29435 affects the trestle-auth Ruby gem (versions 0.4.0 and 0.4.1) used with the Trestle admin framework. The issue allows an attacker to craft a form that bypasses Rails CSRF protection when submitted by a victim who has a trestle-auth admin session, potentially enabling alteration of p...