12 matches found
EUVD-2021-11538
Malware in sbrugna...
WordPress Chameleon CSS Plugin SQL Injection Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Chameleon CSS plugin in version 1.2 and earlier, which...
CVE-2021-24626
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST...
CVE-2021-24626
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST...
Sql injection
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST...
CVE-2021-24626
CVE-2021-24626 affects the Chameleon CSS WordPress plugin (versions ≤ 1.2). The root cause is missing CSRF and capability checks across AJAX calls, and specifically remove_css uses an unsanitized css_id in a SQL statement, enabling an authenticated user to perform unauthorized actions and potenti...
CVE-2021-24626 Chameleon CSS <= 1.2 - Subscriber+ SQL Injection
The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST...
PT-2021-16142 · WordPress · Chameleon Cms
Name of the Vulnerable Software and Affected Versions: Chameleon CSS WordPress plugin versions 1.2 and earlier Description: The issue allows any authenticated user to perform unauthorized actions due to the lack of CSRF and capability checks in all AJAX calls. Specifically, the remove css AJAX ca...
WordPress SQL注入漏洞
WordPress is a set of blogging platforms developed using the PHP language by the Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A SQL injection vulnerability exists in the WordPress Chameleon CSS plugin in version 1.2 and earlier, which...
Chameleon CSS <= 1.2 - Subscriber+ SQL Injection
The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...
WordPress Chameleon CSS plugin <= 1.2 - SQL Injection (SQLi) vulnerability
SQL Injection SQLi vulnerability discovered by Shreya Pohekar Codevigilant Project in WordPress Chameleon CSS plugin versions = 1.2. Solution Deactivate and delete. This plugin has been closed as of June 18, 2021 and is not available for download. Reason: Security Issue...
Chameleon CSS <= 1.2 - Subscriber+ SQL Injection
The plugin does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, removecss, also does not sanitise or escape the cssid POST parameter before using it in a SQL...