6 matches found
CVE-2024-1642
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
CVE-2024-1642
CVE-2024-1642 affects the MainWP Dashboard: WordPress Manager for Multiple Websites Maintenance plugin. The issue is a Cross-Site Request Forgery (CSRF) in the posting_bulk function caused by missing/incorrect nonce validation, allowing unauthenticated attackers to delete arbitrary posts if a sit...
WordPress MainWP Plugin <= 4.6.0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: MainWP; Type: Plugin; Vulnerable versions: <= 4.6.0.1; Fixed in: 5.0; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-1642; Patch priority: Low; CVSS severity: Low (4.3); Developer: MainWP; PSID: 4e2dc997b3cf; Credits: Krzysztof Zając; Required privilege...
Arbitrary User Password Change Vulnerability in LearnDash LMS WordPress Plugin
On June 5, 2023, our Wordfence Threat Intelligence team identified, and began the responsible disclosure process, for an Arbitrary User Password Change vulnerability in LearnDash LMS plugin, a WordPress plugin that is actively installed on more than 100,000 WordPress websites according to our...
Design/Logic Flaw
In AnyView network police network monitoring software 4.6.0.1, there is a local denial of service vulnerability in AnyView; attackers can use a constructed program to cause a computer crash (BSOD)...