3642 matches found
CVE-2025-24715
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Counter Box allows Cross Site Request Forgery. This issue affects Counter Box: from n/a through 2.0.5...
CVE-2025-24711
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through = 3.2.4...
CVE-2025-24715
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through = 2.0.5...
CVE-2025-24715 WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through = 2.0.5...
CVE-2025-24715
CVE-2025-24715 pertains to the WordPress Counter Box plugin. A CSRF in Counter Box (versions
CVE-2025-24715 WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Counter Box counter-box allows Cross Site Request Forgery.This issue affects Counter Box: from n/a through = 2.0.5...
CVE-2025-24711 WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Popup Box popup-box allows Cross Site Request Forgery.This issue affects Popup Box: from n/a through = 3.2.4...
CVE-2025-24711
CVE-2025-24711 is a CSRF vulnerability in Wow-Company Popup Box (Plugin Popup Box) affecting versions up to 3.2.4. The CVSS v3.1 base metrics indicate Network attack vector, Low scope, and Confidentiality/Integrity/Availability impacts (I:L, A:L, C:N) with a base score of 5.4 (Medium) and user in...
WordPress Counter Box Plugin <= 2.0.5 - Cross Site Request Forgery (CSRF) to Settings Change vulnerability
Cross Site Request Forgery CSRF to Settings Change vulnerability discovered by Khang Duong in WordPress Plugin Counter Box versions = 2.0.5...
WordPress Popup Box Plugin <= 3.2.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Khang Duong in WordPress Plugin Popup Box versions = 3.2.4...
PT-2025-5529 · Wow Company · Counter Box
Name of the Vulnerable Software and Affected Versions: Wow-Company Counter Box versions 2.0.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's behalf. Recommendations: For versions 2.0.5 and...
WordPress plugin Popup Box 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...
PT-2025-5525 · Wow Company · Wow-Company Popup Box
Name of the Vulnerable Software and Affected Versions: Wow-Company Popup Box versions 3.2.4 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. Recommendations: For versions 3.2.4 and...
WordPress plugin Counter Box 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits
An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report share...
Malicious code in @chkpkit/box (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis be611a64a4693f32ee325101273c6edec5fc7c62e14b8455d75bb5014f2a0379 The OpenSSF Package Analysis project identified '@chkpkit/box' @ 99.99.93 npm as malicious. It is considered malicious because: - The package...
CVE-2025-23938
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP Local File Inclusion.This issue affects Image Gallery Box by CRUDLab: from n/a through = 1.0.3...
CVE-2025-23938 WordPress Image Gallery Box by CRUDLab Plugin <= 1.0.3 - Local File Inclusion vulnerability
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in CRUDLab Image Gallery Box by CRUDLab image-gallery-box-by-crudlab allows PHP Local File Inclusion.This issue affects Image Gallery Box by CRUDLab: from n/a through = 1.0.3...
CVE-2025-23938
CVE-2025-23938 affects Image Gallery Box by CRUDLab (WordPress plugin). Red Hat and WordPress vulnerability data describe an Authenticated Local File Inclusion (LFI) caused by improper handling of filename includes in PHP, enabling access to local files via NotFound Image Gallery Box pages. Affec...
PT-2025-5216 · Crudlab · Image Gallery Box
Name of the Vulnerable Software and Affected Versions: Image Gallery Box by CRUDLab versions n/a through 1.0.3 Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...