44 matches found
CVE-2024-9990 Crypto <= 2.15 - Cross-Site Request Forgery to Authentication Bypass
The Crypto plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.15. This is due to missing nonce validation in the 'cryptoconnectajaxprocess::check' function. This makes it possible for unauthenticated attackers to log in as any existing user on the...
EUVD-2024-50267
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.15. This is due to missing validation on the user being supplied in the 'cryptoconnectajaxprocess::register' function. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9988 Crypto <= 2.19 - Authentication Bypass via register
The Crypto plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.19. This is due to missing validation on the user being supplied in the 'cryptoconnectajaxprocess::register' function. This makes it possible for unauthenticated attackers to log in as any...
CVE-2024-9988
CVE-2024-9988 (WordPress Crypto plugin) enables authentication bypass via crypto_connect_ajax_process::register, allowing unauthenticated login as existing users (e.g., admin). Publicly documented by Wordfence/Red Hat; patched in a later release (2.19) after disclosure; updates to 2.19+ are recom...
WordPress Crypto plugin <= 2.18 - Authentication Bypass via register vulnerability
Authentication Bypass via register vulnerability discovered by István Márton in WordPress Plugin Crypto versions <= 2.18...
WordPress Crypto plugin <= 2.15 - Cross-Site Request Forgery to Authentication Bypass vulnerability
Cross-Site Request Forgery to Authentication Bypass vulnerability discovered by István Márton in WordPress Plugin Crypto versions <= 2.15...
WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication
Software: Crypto; Type: Plugin; Vulnerable versions: <= 2.18; Fixed in: 2.19; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9988; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: 4336600a033e; Credits: István Márton...
WordPress plugin Crypto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Crypto cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
WordPress plugin Crypto security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
WordPress Crypto Plugin <= 2.18 is vulnerable to Broken Authentication
Software: Crypto; Type: Plugin; Vulnerable versions: <= 2.18; Fixed in: 2.19; OWASP Top 10: A7: Identification and Authentication Failures; Classification: Broken Authentication; CVE: CVE-2024-9989; Patch priority: High; CVSS severity: High 9.8; Developer: Claim ownership; PSID: a98b5d070482; Credits: István Márton...
PT-2024-39985
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions up to, and including, 2.15. Description: The issue is related to authentication bypass due to missing validation on the user being supplied in the crypto connect ajax process::register function. This allows...
WordPress Crypto Plugin <= 2.15 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Crypto; Type: Plugin; Vulnerable versions: <= 2.15; Fixed in: 2.16; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery CSRF; CVE: CVE-2024-9990; Patch priority: Low; CVSS severity: Low 8.8; Developer: Claim ownership; PSID: 9ea8df5f4b5b; Credits: István Márton; Required privileg...
PT-2024-39987 · WordPress · Crypto++
Name of the Vulnerable Software and Affected Versions: Crypto plugin for WordPress versions up to and including 2.15. Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation in the crypto connect ajax process::check function. This allows unauthenticated...
CVE-2023-32128
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Adastra Crypto Cryptocurrency Payment & Donation Box – Accept Payments in any Cryptocurrency on your WP Site for Free. This issue affects Cryptocurrency Payment & Donation Box – Accept Payments in a...
CVE-2022-20513
In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-13. Android ID:...
CVE-2021-0510
In decrypt12 of CryptoPlugin.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10...
CVE-2021-0509
In various functions of CryptoPlugin.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android-9 Android-10...
Google Android resource management error vulnerability
Google Android is a Linux-based open source operating system from the Google Open Handheld Consortium Google. An elevation of privilege vulnerability exists in Google Android 11. The vulnerability arises from a use after free caused by a race condition when decrypting in CryptoPlugin.cpp. An...