15 matches found
EUVD-2013-1022
Malware in sbrugna...
CVE-2022-3994
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...
CVE-2013-10013
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...
CVE-2022-4943
The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...
Sql injection
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...
CVE-2013-10013 Bricco Authenticator Plugin DBAuthenticator.java compare sql injection
A vulnerability was found in Bricco Authenticator Plugin. It has been declared as critical. This vulnerability affects the function authenticate/compare of the file src/java/talentum/escenic/plugins/authenticator/authenticators/DBAuthenticator.java. The manipulation leads to sql injection...
CVE-2013-10013
The CVE concerns the Bricco Authenticator Plugin, specifically the DBAuthenticator.java authenticate/compare path. The vulnerability allows SQL injection due to improper handling in that function. Affected versions are prior to 1.39. Upgrading to version 1.39 addresses the issue (patch a5456633ff...
Bricco Authenticator Plugin SQL注入漏洞
Bricco Authenticator Plugin is an open source Escenic plugin from Bricco that provides cookie-based authentication for publishing. Bricco Authenticator Plugin suffers from a SQL injection vulnerability. An attacker could exploit this vulnerability to cause sql injection...
CVE-2022-3994
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...
CVE-2022-3994 Authenticator < 1.3.1 - Subscriber+ Denial of Service via Feed Token Disclosure
The Authenticator WordPress plugin before 1.3.1 does not prevent subscribers from updating a site's feed access token, which may deny other users access to the functionality in certain configurations...
PT-2023-13734 · WordPress · Authenticator
Name of the Vulnerable Software and Affected Versions: Authenticator WordPress plugin versions prior to 1.3.1 Description: The issue arises from the plugin's failure to restrict subscribers from updating a site's feed access token. This could potentially deny other users access to certain...
WordPress plugin Authenticator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-42461
CVE-2022-42461 concerns a Broken Access Control issue in miniOrange’s Google Authenticator plugin for WordPress, affected versions ≤ 5.6.1. The vulnerability is described across multiple sources as an access-control flaw in the plugin’s settings/authorization flow, with no publicly documented exp...
CVE-2022-0875
The Google Authenticator WordPress plugin before 1.0.5 does not have CSRF check when saving its settings, and does not sanitise as well as escape them, allowing attackers to make a logged in admin change them and perform Cross-Site Scripting attacks...
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious Javascript code leading to Cross-Site Scripting attacks when unfilteredhtml is disallowed for example ...