10 matches found
EUVD-2024-32753
Malicious code in bioql PyPI...
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
CVE-2024-4204 Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions. This makes it possible for unauthenticated attackers to create and...
WordPress Bulk Posts Editing For WordPress plugin <= 4.2.3 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Bulk Posts Editing For WordPress versions <= 4.2.3...
PT-2024-29706 · WordPress · Bulk Posts Editing For WordPress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the plugin's AJAX actions. This allows...
WordPress Bulk Posts Editing For WordPress Plugin <= 4.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Bulk Posts Editing For WordPress; Type: Plugin; Vulnerable versions: <= 4.2.3; Fixed in: 4.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-4204; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9475f46fc3bd; Credits...
CVE-2024-4199
The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on the plugin's AJAX actions in all versions up to, and including, 4.2.3. This makes it possible for authenticated attackers, with subscriber access an...
PT-2024-29678 · WordPress · Bulk Posts Editing For WordPress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3. Description: The issue is related to a missing capability check on the plugin's AJAX actions. This allows authenticated attackers with subscriber acces...
WordPress Bulk Posts Editing For WordPress plugin <= 4.2.3 - Authenticated (Subscriber+) Missing Authorization vulnerability
Authenticated Subscriber+ Missing Authorization vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Bulk Posts Editing For WordPress versions <= 4.2.3...
WordPress Bulk Posts Editing For WordPress Plugin <= 4.2.3 is vulnerable to Broken Access Control
Software: Bulk Posts Editing For WordPress; Type: Plugin; Vulnerable versions: <= 4.2.3; Fixed in: 4.2.4; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-4199; Patch priority: Low; CVSS severity: Low (4.3); PSID: 035d66af9f0b; Credits: Benedictus...