213 matches found
CVE-2023-2326 Gravity Forms Google Sheet Connector < 1.3.5 - Access Code Update via CSRF
The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF...
CVE-2023-2326
The CVE-2023-2326 issue affects Gravity Forms Google Sheet Connector (and gsheetconnector-gravityforms-pro) WordPress plugins, where updating the Access Code lacked a CSRF check. This governance-level flaw could allow a logged-in administrator to change the Access Code to an arbitrary value via C...
WooCommerce Google Sheet Connector <= 1.3.5 - Access Code Update via CSRF
The plugin does not have a CSRF check when updating its Access Code, which could allow attackers to make a logged-in admin change the access code to an arbitrary one via a CSRF attack. PoC: Make a logged-in admin open https://example.com/wp-admin/admin.php?page=wc-gsheetconnector-config=attacker-code...
CVE-2022-45092
A vulnerability has been identified in SINEC INS All versions V1.0 SP2 Update 1. An authenticated remote attacker with access to the Web Based Management (443/tcp) of the affected product could potentially read and write arbitrary files from and to the device's file system. An attacker might...
PT-2022-27537 · Unknown · Lazy Mouse
Name of the Vulnerable Software and Affected Versions: Lazy Mouse (affected versions not specified). Description: The default configuration of Lazy Mouse does not require a password, allowing remote unauthenticated users to execute arbitrary code with no prior authorization or authentication...
CVE-2022-38059
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress...
CVE-2022-38059
CVE-2022-38059: A CSRF vulnerability affects WordPress plugins, specifically Access Code Feeder
CVE-2022-38059 WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Trofimov's Access Code Feeder plugin <= 1.0.3 at WordPress...
PT-2022-24178 · Unknown · Access Code Feeder Plugin
Name of the Vulnerable Software and Affected Versions: Access Code Feeder plugin versions 1.0.3 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a w...
WordPress plugin Alexey Trofimov's Access Code Feeder cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress plugin Alexey...
Access Code Feeder <= 1.0.3 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions...
WordPress Access Code Feeder plugin <= 1.0.3 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by ptsfence (Patchstack Alliance) in WordPress Access Code Feeder plugin (versions <= 1.0.3). Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This closure is temporary, pending...
CVE-2022-27083
Tenda M3 1.10 V1.0.0.124856 was discovered to contain a command injection vulnerability via the component /cgi-bin/uploadAccessCodePic...
Tenda M3 command injection vulnerability
Tenda M3 is an access controller from Tenda, a Chinese company. Tenda M3 is vulnerable to command injection because the component /cgi-bin/uploadAccessCodePic fails to properly filter special characters, commands, etc. when constructing commands, which can be exploited by attackers to cau...
CVE-2021-28703
Grant table v2 status pages may remain accessible after de-allocation (take two). Guests are permitted access to certain Xen-owned pages of memory. The majority of such pages remain allocated / associated with a guest for its entire lifetime. Grant table v2 status pages, however, get de-allocated whe...
Vulnerabilities fixed in Microsoft Office products
Microsoft has fixed vulnerabilities in Office products. A malicious party can exploit the vulnerabilities to execute arbitrary code with user privileges and to perform spoofing. Below is a summary of the various vulnerabilities described by component and the impact. Microsoft Office SharePoint:...
CVE-2021-27509
In Visualware MyConnection Server before 11.0b build 5382, each published report is not associated with its own access code...