PT-2023-30600 · Unknown · Yas Global Team Permalinks Customizer
Name of the Vulnerable Software and Affected Versions: YAS Global Team Permalinks Customizer plugin versions prior to 2.8.3. Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for potential malicious...
WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Scripting (XSS)
Software: Permalinks Customizer; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-47773; Patch priority: High; CVSS severity: High (7.1); PSID: 75025c824dd0; Credits: Le Ngoc Anh; Required privilege...
CVE-2022-47181
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in wpexpertsio Email Templates Customizer and Designer for WordPress and WooCommerce email-templates allows Cross Site Request Forgery. This issue affects Email Templates Customizer and Designer for WordPress and WooCommerce: from n/a through 1.4.2...
CVE-2022-47181
CVE-2022-47181 describes a Cross-Site Request Forgery (CSRF) in the WordPress plugin “Email Templates Customizer and Designer for WordPress and WooCommerce” (Email Templates). Affected versions are up to 1.4.2. The issue allows CSRF exploitation without authentication, with network attack vector ...
CVE-2023-45103
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions...
CVE-2023-45103
CVE-2023-45103 refers to a CSRF vulnerability in the WordPress plugin Permalinks Customizer (YAS Global Team Permalinks Customizer) affecting versions up to and including 2.8.2. The connected Patchstack/CVE-2023-45103 entries describe the issue as CSRF via post_settings, with an unpatched status ...
CVE-2023-45103 WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions...
WordPress plugin Permalinks Customizer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Permalinks Customizer Plugin <= 2.8.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Permalinks Customizer; Type: Plugin; Vulnerable versions: <= 2.8.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-45103; Patch priority: Low; CVSS severity: Low (4.3); PSID: edea2f7e37f7; Credits: Mika; Required...
WordPress Customizer Export/Import Plugin < 0.9.5 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpbeaverbuilder:customizerexport%2fimport"; if description...
WordPress Customizer Export/Import Plugin < 0.9.6 PHP Object Injection Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpbeaverbuilder:customizerexport%2fimport"; if description...
WP Adminify < 3.1.6 - Admin+ Stored XSS
Description: The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC: Several fields in the plugin are...
WordPress Import/Export Customizer Settings Plugin < 1.0.4 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:brainstormforce:import%2fexportcustomizersettings"; if...
CVE-2023-3956 InstaWP Connect <= 0.0.9.18 - Missing Authorization to Unauthenticated Post/Taxonomy/User Add/Change/Delete, Customizer Setting Change, Plugin Installation/Activation/Deactivation via events_receiver
The InstaWP Connect plugin for WordPress is vulnerable to unauthorized access of data, modification of data and loss of data due to a missing capability check on the 'events_receiver' function in versions up to, and including, 0.0.9.18. This makes it possible for unauthenticated attackers to add,...
InstaWP Connect < 0.0.9.19 - Unauthenticated Data Modification
Description: The plugin does not have an authorisation check in its events_receiver function, allowing unauthenticated users to create/update/delete posts/taxonomy, install/activate/deactivate plugin, update the customizer settings as well as create/update/delete arbitrary users...