Lucene search

400 matches found

OSV
added 2023/05/08 2:15 p.m.

CVE-2023-0603

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

CVSS 8.8 · AI score 7.3 · EPSS 0.00957
Exploits: 2 · References: 1
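The flaw class in the Sloth Logo Customizer entries (a settings update with no nonce check, whose stored value is neither sanitised on input nor escaped on output) is easiest to see beside its fix. The following is an added example written for this page, not code from the Sloth Logo Customizer plugin; the `slc_example_*` function names, the `slc_example_logo_alt` option and the `logo_alt` field are hypothetical, while the WordPress APIs used (`check_admin_referer`, `current_user_can`, `sanitize_text_field`, `esc_attr`, `wp_nonce_field`, the `admin_post_*` hook) are the standard ones.

```php
<?php
/**
 * Added example, not the Sloth Logo Customizer plugin's own code.
 * Shows the CSRF + stored-XSS settings pattern and its hardened form.
 * Function, option and field names are hypothetical.
 */

// --- Vulnerable pattern: no nonce check, no sanitisation, no escaping. ---
function slc_example_save_settings_vulnerable() {
    // Any page a logged-in admin visits can POST here from a hidden form (CSRF):
    // nothing proves the request originated from the plugin's own settings page.
    if ( isset( $_POST['logo_alt'] ) ) {
        // Raw input stored as-is: a value such as  x" onerror="alert(1)  survives.
        update_option( 'slc_example_logo_alt', $_POST['logo_alt'] );
    }
}

function slc_example_render_logo_vulnerable() {
    $alt = get_option( 'slc_example_logo_alt', '' );
    // Unescaped output: the stored value closes the attribute and injects a handler.
    echo '<img src="/logo.png" alt="' . $alt . '">';
}

// --- Hardened pattern: capability + nonce on input, sanitise, escape on output. ---
function slc_example_save_settings_hardened() {
    if ( ! isset( $_POST['logo_alt'] ) ) {
        return;
    }
    // 1. Authorisation: only users allowed to manage options may change them.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges.', '', array( 'response' => 403 ) );
    }
    // 2. CSRF: the request must carry the per-user, per-action nonce that the
    //    legitimate form embedded. check_admin_referer() dies on a missing/invalid nonce.
    check_admin_referer( 'slc_example_save_settings', 'slc_example_nonce' );

    // 3. Sanitise before storing (strips tags, line breaks, invalid UTF-8).
    $alt = sanitize_text_field( wp_unslash( $_POST['logo_alt'] ) );
    update_option( 'slc_example_logo_alt', $alt );

    wp_safe_redirect( wp_get_referer() );
    exit;
}

function slc_example_render_logo_hardened() {
    $alt = get_option( 'slc_example_logo_alt', '' );
    // 4. Escape for the HTML-attribute context at output time. Sanitisation alone is
    //    not enough: sanitize_text_field() keeps quotes, so the payload above would
    //    still be stored; esc_attr() is what renders it inert.
    echo '<img src="' . esc_url( '/logo.png' ) . '" alt="' . esc_attr( $alt ) . '">';
}

function slc_example_render_settings_form() {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="slc_example_save_settings">
        <?php wp_nonce_field( 'slc_example_save_settings', 'slc_example_nonce' ); ?>
        <input type="text" name="logo_alt"
               value="<?php echo esc_attr( get_option( 'slc_example_logo_alt', '' ) ); ?>">
        <?php submit_button( 'Save' ); ?>
    </form>
    <?php
}

// Only the hardened handler is wired up; the vulnerable one is shown for contrast.
add_action( 'admin_post_slc_example_save_settings', 'slc_example_save_settings_hardened' );
```

The nonce is what defeats the CSRF half: an attacker's page can forge the POST body, but it cannot read the nonce WordPress embedded in the admin's own form. The XSS half needs both steps 3 and 4; a quote is a legitimate character in an alt text, so only context-aware escaping at output makes a stored quote harmless.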
NVD
added 2023/05/08 2:15 p.m.

CVE-2023-0603

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

CVSS 8.8 · AI score 8.2 · EPSS 0.00957
Exploits: 2 · References: 1
Prion
added 2023/05/08 2:15 p.m.

Design/Logic Flaw

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present...

CVSS 5.8 · AI score 7.1 · EPSS 0.05148
Exploits: 1 · References: 1 · Affected Software: 1
Prion
added 2023/05/08 2:15 p.m.

Cross-site request forgery (CSRF)

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

CVSS 6.8 · AI score 8.1 · EPSS 0.00957
Exploits: 2 · References: 1 · Affected Software: 1
CVE
added 2023/05/08 1:58 p.m.

CVE-2023-0603

CVE-2023-0603 concerns the WordPress plugin Sloth Logo Customizer (versions <= 2.0.2). The issue is a lack of CSRF protection when updating settings, coupled with missing sanitization and escaping, enabling an attacker to have a logged-in admin store XSS payloads via a CSRF attack. Root cause: absen...

CVSS 8.8 · AI score 8.3 · EPSS 0.00957
Exploits: 2 · References: 1 · Affected Software: 1
Vulnrichment
added 2023/05/08 1:58 p.m.

CVE-2023-0603 Sloth Logo Customizer <= 2.0.2 - Stored XSS via CSRF

The Sloth Logo Customizer WordPress plugin through 2.0.2 does not have a CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...

AI score 8.2 · EPSS 0.00957
Exploits: 2 · References: 1
CVE
added 2023/05/08 1:58 p.m.

CVE-2023-1347

CVE-2023-1347 affects the WordPress plugin Customizer Export/Import (versions before 0.9.6). The issue arises from unserializing user input in settings, enabling PHP Object Injection when a suitable gadget is present. Exploitation requires admin-level privileges, with a high impact as documented....

CVSS 7.2 · AI score 7.2 · EPSS 0.05148
Exploits: 1 · References: 1 · Affected Software: 1
Cvelist
added 2023/05/08 1:58 p.m.

CVE-2023-1347 Customizer Export/Import < 0.9.6 - Admin+ PHP Object Injection

The Customizer Export/Import WordPress plugin before 0.9.6 unserializes user input provided via the settings, which could allow high-privilege users such as admins to perform PHP Object Injection when a suitable gadget is present...

AI score 7.2 · EPSS 0.05148
Exploits: 1 · References: 1
Positive Technologies
added 2023/05/08 12:00 a.m.

PT-2023-16916 · WordPress · Customizer Export/Import

Name of the Vulnerable Software and Affected Versions: Customizer Export/Import WordPress plugin versions prior to 0.9.6
Description: The issue allows high-privilege users, such as admins, to perform PHP Object Injection when a suitable gadget is present. This is due to the plugin unserializing...

CVSS 7.2 · AI score 7.5 · EPSS 0.05148
Exploits: 1 · References: 3
Positive Technologies
added 2023/05/08 12:00 a.m.

PT-2023-16393 · WordPress · Sloth Logo Customizer

Name of the Vulnerable Software and Affected Versions: Sloth Logo Customizer WordPress plugin versions prior to 2.0.3
Description: The issue concerns a lack of CSRF check when updating settings, as well as missing sanitization and escaping. This could allow attackers to make logged-in admins add...

CVSS 8.8 · AI score 8.6 · EPSS 0.00957
Exploits: 2 · References: 3
CNNVD
added 2023/05/08 12:00 a.m.

WordPress plugin Customizer Export/Import code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 7.2 · AI score 7.5 · EPSS 0.05148
Exploits: 1 · References: 2
CNNVD
added 2023/05/08 12:00 a.m.

WordPress plugin Sloth Logo Customizer cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language; the platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists...

CVSS 8.8 · AI score 8 · EPSS 0.00957
Exploits: 2 · References: 2
Patchstack
added 2023/04/25 12:00 a.m.

WordPress Customizer Export/Import Plugin < 0.9.6 is vulnerable to PHP Object Injection

Software: Customizer Export/Import · Type: Plugin · Vulnerable versions: < 0.9.6 · Fixed in: 0.9.6 · OWASP Top 10: A1: Injection · Classification: PHP Object Injection · CVE: CVE-2023-1347 · Patch priority: Low · CVSS severity: Low 4.4 · PSID: 014e99d7d277 · Credits: Nguyen Huu Do · Required privilege...

CVSS 7.2 · AI score 7.2 · EPSS 0.05148
Exploits: 1 · References: 3 · Affected Software: 1
Patchstack
added 2023/04/19 12:00 a.m.

WordPress Sloth Logo Customizer Plugin <= 2.0.2 is vulnerable to Cross Site Scripting (XSS)

Software: Sloth Logo Customizer · Type: Plugin · Vulnerable versions: <= 2.0.2 · Fixed in: N/A · OWASP Top 10: A7: Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-0603 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: 6468517023bc · Credits: Nithissh Sathish...

CVSS 8.8 · AI score 6 · EPSS 0.00957
Exploits: 2 · References: 4 · Affected Software: 1
Patchstack
added 2023/03/22 12:00 a.m.

WordPress Thank You Page Customizer for WooCommerce – Increase Your Sales Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Software: Thank You Page Customizer for WooCommerce – Increase Your Sales · Type: Plugin · Vulnerable versions: <= 1.0.13 · Fixed in: 1.0.14 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2022-46812 · Patch priority: Low · CVSS severity: Low 4.3 ...

CVSS 8.8 · AI score 6.7 · EPSS 0.00106
Exploits: 0 · References: 2 · Affected Software: 1
Cvelist
added 2023/01/02 9:49 p.m.

CVE-2022-4324 Custom Field Template < 2.5.8 - Admin+ PHP Object Injection

The Custom Field Template WordPress plugin before 2.5.8 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user, intentionally or not, imports a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

AI score 7.2 · EPSS 0.01171
Exploits: 1 · References: 1
Positive Technologies
added 2023/01/02 12:00 a.m.

PT-2023-14183 · WordPress · Custom Field Template

Name of the Vulnerable Software and Affected Versions: Custom Field Template WordPress plugin versions prior to 2.5.8
Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injections when a high-privilege user imports a...

CVSS 7.2 · AI score 7 · EPSS 0.01171
Exploits: 1 · References: 6
OSV
added 2022/10/31 4:15 p.m.

CVE-2022-3374

The Ocean Extra WordPress plugin before 2.0.5 unserialises the content of an imported file, which could lead to PHP object injection issues when a high-privilege user, intentionally or not, imports a malicious Customizer Styling file and a suitable gadget chain is present on the blog...

CVSS 7.2 · AI score 5.8
Exploits: 0 · References: 1
OSV
added 2022/10/31 4:15 p.m.

CVE-2022-3380

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin, intentionally or not, imports a malicious file and a suitable gadget chain is present on the blog...

CVSS 7.2 · AI score 5.8 · EPSS 0.00991
Exploits: 1 · References: 1
NVD
added 2022/10/31 4:15 p.m.

CVE-2022-3380

The Customizer Export/Import WordPress plugin before 0.9.5 unserializes the content of an imported file, which could lead to PHP object injection issues when an admin, intentionally or not, imports a malicious file and a suitable gadget chain is present on the blog...

CVSS 7.2 · EPSS 0.00991
Exploits: 1 · References: 1
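The PHP Object Injection entries on this page (CVE-2023-1347 and CVE-2022-3380 in Customizer Export/Import, CVE-2022-4324 in Custom Field Template, CVE-2022-3374 in Ocean Extra) share one sink: `unserialize()` applied to settings or import-file content that an attacker controls. What turns that into code execution is the "suitable gadget" each description mentions, a class already loaded on the site whose magic method does something useful when an instance is created or destroyed. The following added example is not code from any of those plugins: the `Demo_Log_Flusher` gadget, the two import functions, the temp-file target and the malicious import string are all constructed for this demonstration, and it runs under plain `php` with no WordPress install.

```php
<?php
/**
 * Added example, not code from Customizer Export/Import, Custom Field Template
 * or Ocean Extra. Demonstrates why unserialize() on imported data is a PHP
 * Object Injection sink and what "a suitable gadget" means. Everything below
 * (class, functions, payload, target path) is constructed for the demo.
 */

// A "gadget": a class that happens to be loaded (core, theme, any plugin) whose
// magic method performs a side effect with attacker-controlled properties. This
// constructed one writes $data to $path when the object is destroyed.
class Demo_Log_Flusher {
    public $path;
    public $data;
    public function __destruct() {
        // Real gadget chains end in a file write, an include, or a callback.
        file_put_contents( $this->path, $this->data );
    }
}

// The "import file" an admin might be handed. A legitimate one serialises an
// array of settings; this one names the gadget class and fills its properties.
$target = sys_get_temp_dir() . '/poi_demo.txt';
$malicious_import = 'O:16:"Demo_Log_Flusher":2:{'
    . 's:4:"path";s:' . strlen( $target ) . ':"' . $target . '";'
    . 's:4:"data";s:5:"pwned";}';

// --- Vulnerable: unserialize() instantiates whatever loaded class the data names. ---
function import_settings_vulnerable( string $raw ) {
    $settings = unserialize( $raw );  // Demo_Log_Flusher is created here...
    return $settings;                 // ...and __destruct() fires once it is discarded.
}

@unlink( $target );
import_settings_vulnerable( $malicious_import );
var_dump( file_exists( $target ) );   // bool(true): the gadget ran during "import"

// --- Hardened: refuse objects outright, then validate the shape you expect. ---
function import_settings_hardened( string $raw ) {
    // allowed_classes => false (PHP >= 7.0) turns any object in the stream into
    // __PHP_Incomplete_Class, whose magic methods never execute.
    $settings = unserialize( $raw, array( 'allowed_classes' => false ) );
    if ( ! is_array( $settings ) ) {
        throw new InvalidArgumentException( 'Import must be a plain array of settings.' );
    }
    return $settings;
}

@unlink( $target );
try {
    import_settings_hardened( $malicious_import );
} catch ( InvalidArgumentException $e ) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}
var_dump( file_exists( $target ) );   // bool(false): no object, no side effect

// A benign export/import round-trip still works with the hardened path.
var_dump( import_settings_hardened( serialize( array( 'logo_alt' => 'Acme' ) ) ) );
```

Run it with `php poi_demo.php`: the first `var_dump` prints `bool(true)` because the object's destructor ran while the import was being "parsed", the second prints `bool(false)`. `allowed_classes => false` is the minimal fix when an existing serialized format must stay readable; for a new export format, prefer JSON, which has no object-instantiation semantics at all. The admin-only requirement these advisories note limits who can reach the sink; it does not change what the sink does once reached, and a gadget chain present on the blog executes with the web server's privileges regardless of who triggered the import.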