17 matches found
EUVD-2018-13509
Malware in sbrugna...
CVE-2025-4369
CVE-2025-4369 refers to the Companion Auto Update WordPress plugin. Wordfence notes a stored cross-site scripting vulnerability via the update_delay_days parameter in all versions up to 3.9.2, exploitable by authenticated attackers with administrator privileges. The issue affects multi-site setup...
WordPress plugin Companion Auto Update 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
CVE-2018-20973
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion...
PT-2025-22318 · Papin · Companion Auto Update
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is an issue that is being actively exploited. The estimated number of potentially affected devices worldwide is not available. Details about real-world incidents where this issue was...
WordPress Companion Auto Update Plugin < 3.2.1 Multiple Vulnerabilities
The WordPress plugin SPDX-FileCopyrightText: 2019 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.113486";...
WordPress companion-auto-update plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. companion-auto-update is a plugin used to update WordPress and related components. WordPress companion-auto-update plugin input...
WordPress companion-auto-update plugin cross-site request forgery vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. companion-auto-update is a plugin used to update WordPress and related components. A cross-site request forgery vulnerability exists i...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2018-20973
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion...
CVE-2018-20972
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2018-20973
The companion-auto-update plugin before 3.2.1 for WordPress has local file inclusion...
Cross site request forgery (csrf)
The companion-auto-update plugin before 3.2.1 for WordPress has CSRF...
CVE-2018-20972
CVE-2018-20972 is a CSRF vulnerability in the WordPress plugin companion-auto-update prior to version 3.2.1. The connected sources consistently describe an insufficient verification of request origin that allows cross-site requests to perform unintended actions on behalf of an authenticated user....
CVE-2018-20973
CVE-2018-20973 concerns the WordPress plugin companion-auto-update before version 3.2.1, which contains a local file inclusion (LFI) vulnerability. The issue arises in the plugin, enabling an attacker to access local files on the server. Public references in the provided documents consistently de...
Companion Auto Update <= 3.3.5 - Authenticated SQL Injection
The Companion Auto Update WordPress plugin was affected by an Authenticated SQL Injection security vulnerability...
WordPress Companion Auto Update plugin <=2.9.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities
WordPress Companion Auto Update plugin Cross-Site Request Forgery CSRF and Cross-Site Scripting XSS vulnerability. The CSRF occurs when you try to change the plugin’s settings. There's no nonce to validate the request. The XSS vulnerability appears for "Email address" input field, the output is n...