CVE-2024-12386 WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request...

WordPress plugin WP Abstracts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress WP Abstracts plugin <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability

Cross-Site Request Forgery to Arbitrary Account Deletion vulnerability discovered by SOPROBRO in WordPress Plugin WP Abstracts versions = 2.7.3...

CVE-2024-12385

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

CVE-2024-12385

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

CVE-2024-12385 WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

CVE-2024-12385 WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

PT-2025-1828 · WordPress · Wp Abstracts

Name of the Vulnerable Software and Affected Versions: WP Abstracts plugin for WordPress versions up to, and including, 2.7.2 Description: The issue is due to missing nonce validation on the wpabstracts load status and wpabstracts delete abstracts functions, making it possible for unauthenticated...

WordPress plugin WP Abstracts 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2024-50411

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.7.1...

CVE-2024-50411

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects WP Abstracts: from n/a through = 2.7.1...

CVE-2024-50411

CVE-2024-50411 affects the WordPress plugin WP Abstracts (vulnerable: n/a through 2.7.1). Root cause: improper input neutralization during page generation, allowing Stored XSS. Impact: stored cross-site scripting as described in sources; risk depends on exploitation context. Remediation: fix rele...

CVE-2024-50411 WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects WP Abstracts: from n/a through = 2.7.1...

WordPress plugin WP Abstracts 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

PT-2024-34185 · WordPress · Wp Abstracts

Name of the Vulnerable Software and Affected Versions: WP Abstracts versions n/a through 2.7.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For WP...

WordPress WP Abstracts plugin <= 2.7.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by UKO Patchstack Alliance in WordPress Plugin WP Abstracts versions = 2.7.1...

WordPress WP Abstracts Plugin <= 2.7.1 is vulnerable to Cross Site Scripting (XSS)

Software WP Abstracts Type Plugin Vulnerable versions = 2.7.1 Fixed in 2.7.2 OWASP Top 10 A4: Insecure Design Classification Cross Site Scripting XSS CVE CVE-2024-50411 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 6551529121f6 Credits UKO Required privilege Administrato...

CVE-2024-44045

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Kevon Adonis WP Abstracts allows Stored XSS.This issue affects WP Abstracts: from n/a through 2.6.5...

CVE-2024-44045

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Kevon Adonis WP Abstracts wp-abstracts-manuscripts-manager allows Stored XSS.This issue affects WP Abstracts: from n/a through = 2.6.5...

CVE-2024-44045

CVE-2024-44045 is a stored XSS vulnerability in the WordPress plugin WP Abstracts (Kevon Adonis WP Abstracts). Affected versions are &lt;= 2.6.5. The issue stems from improper input neutralization during web page generation (XSS), enabling stored script execution on affected pages. According to P...