22 matches found
EUVD-2023-58444
Malicious code in bioql PyPI...
EUVD-2023-58445
Malicious code in bioql PyPI...
CVE-2023-6197
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-6196
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
Description The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modi...
Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
Description The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attacker...
CVE-2023-6197
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-6196
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
CVE-2023-6196
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
Cross site request forgery (csrf)
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
Cross site request forgery (csrf)
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-6197
CVE-2023-6197 affects the Audio Merchant WordPress plugin (versions ≤ 5.0.4). The issue is Cross-Site Request Forgery caused by missing or incorrect nonce validation in audio_merchant_save_settings, enabling unauthenticated attackers to modify plugin settings and inject scripts via forged request...
CVE-2023-6197
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-6197 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Settings Modifcation and Stored Cross-Site Scripting
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
CVE-2023-6196 Audio Merchant <= 5.0.4 - Cross-Site Request Forgery to Arbitrary File Upload
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the function audiomerchantaddaudiofile function. This makes it possible for unauthenticated attackers to upload...
CVE-2023-6196
CVE-2023-6196 (Audio Merchant, WordPress) : The vulnerability is a Cross-Site Request Forgery in all versions up to 5.0.4 caused by missing or incorrect nonce validation in audio_merchant_add_audio_file. This permits unauthenticated attackers to upload arbitrary files by tricking an administrator...
PT-2023-32563 · WordPress · Audio Merchant
Name of the Vulnerable Software and Affected Versions: The Audio Merchant plugin for WordPress versions up to, and including, 5.0.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the audio merchant save settings function. This allow...
WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6196 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID 8d1ec07de68f Credits Ala Arfaoui Required...
WordPress Audio Merchant Plugin <= 5.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Audio Merchant Type Plugin Vulnerable versions = 5.0.4 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6197 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID b9deef5e9191 Credits Ala Arfaoui Required...
PT-2023-32562 · WordPress · Audio Merchant
Name of the Vulnerable Software and Affected Versions: The Audio Merchant plugin for WordPress versions up to, and including, 5.0.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the audio merchant add audio file function. This allo...