90 matches found
CVE-2022-41987
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
CVE-2022-41987
CVE-2022-41987: A Cross-Site Request Forgery (CSRF) vulnerability in the LearningTimes BadgeOS WordPress plugin is present in versions
CVE-2022-41987 WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
CVE-2022-41987 WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in LearningTimes BadgeOS plugin = 3.7.1.6 versions...
PT-2023-14055 · Learningtimes · Badgeos
Name of the Vulnerable Software and Affected Versions: LearningTimes BadgeOS plugin versions = 3.7.1.6 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web applicatio...
WordPress plugin BadgeOS 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress BadgeOS Plugin <= 3.7.1.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software BadgeOS Type Plugin Vulnerable versions = 3.7.1.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-41987 Patch priority Low CVSS severity Low 6.3 Developer Claim ownership PSID ece317dfb61e Credits István Márton Required...
BadgeOS <= 3.7.1.6 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
Sql injection
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958 BadgeOS < 3.7.1.3 - Subscriber+ SQLi
The BadgeOS WordPress plugin before 3.7.1.3 does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections...
CVE-2022-2958
The CVE-2022-2958 entry concerns the BadgeOS WordPress plugin before 3.7.1.3. The issue is that parameters are not properly sanitised/escaped before being used in SQL statements via AJAX actions that are accessible to any authenticated user, enabling SQL injection. Affected component: BadgeOS Wor...
WordPress plugin BadgeOS SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A SQL injection vulnerability exists in the...
PT-2022-19704 · WordPress · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS WordPress plugin versions prior to 3.7.1.3 Description: The issue concerns the BadgeOS WordPress plugin, which does not properly sanitise and escape parameters before using them in SQL statements via AJAX actions. This can lead to SQL...
BadgeOS < 3.7.1.3 - Subscriber+ SQLi
The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections PoC Open the following URL as any authenticated user such as subscriber:...
WordPress BadgeOS plugin <= 3.7.1.2 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection SQLi vulnerability discovered by cydave in WordPress BadgeOS plugin versions = 3.7.1.2. Solution Update the WordPress BadgeOS plugin to the latest available version at least 3.7.1.3...
BadgeOS < 3.7.1.3 - Subscriber+ SQLi
The plugin does not sanitise and escape parameters before using them in SQL statements via AJAX actions available to any authenticated users, leading to SQL Injections Open the following URL as any authenticated user such as subscriber:...