EUVD-2021-34253

Malicious code in bioql PyPI...

CVE-2021-4426

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

CVE-2024-8965

The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8965

The Absolute Reviews plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Name' field of a custom post criteria in all versions up to, and including, 1.1.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

CVE-2024-8965

CVE-2024-8965 details (WordPress Absolute Reviews plugin): All versions up to 1.1.3 are vulnerable to a Stored DOM-based Cross-Site Scripting (XSS) via the Name field of a custom post criterion. Exploitation requires at least Contributor–level authentication and above, enabling injection of scrip...

WordPress Absolute Reviews plugin <= 1.1.3 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via Criteria Name vulnerability

Authenticated Contributor+ Stored DOM-Based Cross-Site Scripting via Criteria Name vulnerability discovered by Muhammad Adel ItsFadinG in WordPress Plugin Absolute Reviews versions = 1.1.3...

WordPress plugin Absolute Reviews 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Absolute Reviews Plugin <= 1.1.3 is vulnerable to Cross Site Scripting (XSS)

Software Absolute Reviews Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-8965 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID a21e8c7a2d18 Credits Muhammad Adel ItsFadinG...

PT-2024-39342 · WordPress · Absolute Reviews

Name of the Vulnerable Software and Affected Versions: Absolute Reviews plugin for WordPress versions up to, and including, 1.1.3 Description: The issue is related to Stored Cross-Site Scripting via the Name field of a custom post criteria due to insufficient input sanitization and output escapin...

CVE-2021-4426

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

Cross site request forgery (csrf)

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

CVE-2021-4426 Absolute Reviews <= 1.0.8 - Cross-Site Request Forgery Bypass

The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metaboxreviewsave function. This makes it possible for unauthenticated attackers to save meta tags via a forge...

CVE-2021-4426

CVE-2021-4426 affects the Absolute Reviews plugin for WordPress (versions up to and including 1.0.8). The root cause is missing or incorrect nonce validation in the metabox_review_save() function, enabling Cross-Site Request Forgery. An unauthenticated attacker could trick a site administrator in...

PT-2023-12539 · WordPress · Absolute Reviews

Name of the Vulnerable Software and Affected Versions: Absolute Reviews plugin for WordPress versions up to, and including, 1.0.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the metabox review save function. This allows...

WordPress Plugin Absolute Reviews 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

WordPress Absolute Reviews plugin <= 1.0.8 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Absolute Reviews plugin versions = 1.0.8. Solution Update the WordPress Absolute Reviews plugin to the latest available version at least 1.0.9...