37 matches found
CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...
CVE-2023-2172 BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite
The BadgeOS plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.7.1.6. This is due to improper validation and authorization checks within the badgeosupdatestepsajaxhandler, badgeosupdateawardstepsajaxhandler,...
WordPress plugin BadgeOS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-18341 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos delete step ajax handler, badgeos delete award step ajax handler, badgeos...
PT-2023-18338 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue arises from insufficient input sanitization and output escaping on user-supplied attributes in the plugin's shortcodes, allowing authenticated attacker...
PT-2023-18340 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS plugin for WordPress versions up to, and including, 3.7.1.6 Description: The issue is due to improper validation and authorization checks within the badgeos update steps ajax handler, badgeos update award steps ajax handler, badgeos...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Insecure Direct Object References (IDOR)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-2173 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 413cb9a5b860 Credits Alex Thomas Required...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Scripting (XSS)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-2171 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 965111d21cf9 Credits Alex Thomas Required privilege...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
CVE-2022-41987 WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
PT-2023-14055 · Learningtimes · Badgeos
Name of the Vulnerable Software and Affected Versions: LearningTimes BadgeOS plugin versions = 3.7.1.6 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web applicatio...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
PT-2022-19704 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS WordPress plugin versions prior to 3.7.1.3 Description: The issue concerns the BadgeOS WordPress plugin, which does not properly sanitise and escape parameters before using them in SQL statements via AJAX actions. This can lead to SQL...
WordPress plugin BadgeOS SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
CVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
CVE-2022-0817
The BadgeOS WordPress plugin through 3.7.0 does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action, leading to an SQL Injection exploitable by unauthenticated users...
WordPress plugin BadgeOS SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...