CVE-2023-27445
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions...
CVE-2023-27445 WordPress Blog Floating Button Plugin <= 1.4.12 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Meril Inc. Blog Floating Button plugin <= 1.4.12 versions...
CVE-2023-27445
CVE-2023-27445 : A Cross-Site Request Forgery (CSRF) vulnerability exists in the Meril Inc. Blog Floating Button WordPress plugin for versions
WordPress Plugin Blog Floating Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...
PT-2023-21133 · Meril · Meril Inc. Blog Floating Button Plugin
Name of the Vulnerable Software and Affected Versions: Meril Inc. Blog Floating Button plugin versions <= 1.4.12. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
Friday Squid Blogging: The History and Morality of US Squid Consumption
Really interesting article. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
Welcart e-Commerce < 2.9.5 - Unauthenticated PHP Object Injection
Description: The plugin unserializes user input from cookies, which could allow unauthenticated users to perform PHP Object Injection when a suitable gadget is present on the blog. PoC: To simulate a gadget chain, put the following code in a plugin: class Evil public function wakeup : void...
A new video series, Google Forms spam and the various gray areas of cyber attacks
I found the juxtaposition of stories on the Talos blog over the past week-plus kind of funny. On one hand, we had a massive story about Arid Viper, a Middle Eastern threat actor spreading spyware, one of the most dangerous types of malware out there right now, operating out of Gaza no less. Then,...
Akamai Named an Overall Leader for API Security
CVE-2023-44398
creationtimestamp | type | source
---|---|---
2023-11-06 20:25:50+00:00 | seen | https://t.me/cibsecurity/73620
2025-02-26 21:25:26+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/5613
2025-12-29 21:01:14+00:00 | seen | ...
Friday Squid Blogging: Eating Dancing Squid
It's not actually alive, but it twitches in response to soy sauce. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here...
CVE-2023-5919
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...
CVE-2023-5919 SourceCodester Company Website CMS Create Blog Page createblog unrestricted upload
A vulnerability was found in SourceCodester Company Website CMS 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /dashboard/createblog of the component Create Blog Page. The manipulation leads to unrestricted upload. The attack may be launched...
PT-2023-32418 · Sourcecodester · Sourcecodester Company Website Cms
Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS version 1.0 Description: A vulnerability was found in the Create Blog Page component, specifically affecting some unknown functionality of the file /dashboard/createblog. This issue leads to unrestricted...
Apple, Google, and Microsoft Just Patched Some Spooky Security Flaws
Plus: Major vulnerability fixes are now available for a number of enterprise giants, including Cisco, VMWare, Citrix, and SAP...
PrestaShop Security Breach
PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution provides multiple payment methods, SMS alerts and product image scaling. PrestaShop themevolty v.4.0.8 version before the security vulnerability, the vulnerability stems from through...
Deeper Comments <= 2.1.1 - Subscriber+ Arbitrary Options Update
Description: The plugin does not have authorisation in its updateoptions AJAX action, allowing any authenticated user, such as a subscriber, to update arbitrary blog options like defaultrole etc...