
774 matches found

Citrix
added 2022/06/14 12:0 a.m. · 9 views

Citrix Endpoint Management (aka XenMobile Server) 10.13.0 Rolling Patch 9

Package name: xms10.13.0.10922.bin For: XenMobile Server 10.13.0 Deployment type: On-premises only Replaces: xms10.13.0.10817.bin, xms10.13.0.10723.bin, xms10.13.0.10603.bin, xms10.13.0.10528.bin, xms10.13.0.10426.bin, xms10.13.0.10329.bin, xms10.13.0.10212.bin, and xms10.13.0.10129.bin. Date: Ju...

6.9 AI score
Exploits 0
CNVD
added 2022/06/13 12:0 a.m. · 21 views

WordPress Database Backup plugin cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in versions of WordPress Database Backup plugin prior to 2.5....

5.8 CVSS · 1.6 AI score · 0.00402 EPSS
Exploits 2 · References 1
OpenVAS
added 2022/06/09 12:0 a.m. · 16 views

WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can redistribute it and/or modify it...

5.8 CVSS · 5.6 AI score · 0.00402 EPSS
Exploits 2 · References 1
ATTACKERKB
added 2022/06/08 10:15 a.m. · 5 views

CVE-2022-1577

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...

5.8 CVSS · 6.1 AI score · 0.00402 EPSS
Exploits 2 · References 2
OSV
added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1577

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...

5.4 CVSS · 5.8 AI score · 0.00402 EPSS
Exploits 2 · References 1
CNNVD
added 2022/06/08 12:0 a.m. · 7 views

WordPress plugin Database Backup cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in versions of WordPress Database Backup plugin prior to 2.5....

5.8 CVSS · 5.5 AI score · 0.00402 EPSS
Exploits 2 · References 2
Cvelist
added 2022/06/06 8:51 a.m. · 28 views

CVE-2022-1577 Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The Database Backup for WordPress plugin before 2.5.2 does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails t...

5.6 AI score · 0.00402 EPSS
Exploits 2 · References 1
WPVulnDB
added 2022/05/11 12:0 a.m. · 15 views

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. O...

5.8 CVSS · 3.2 AI score · 0.00402 EPSS
Exploits 2 · Affected Software 1
Patchstack
added 2022/05/11 12:0 a.m. · 47 views

WordPress Database Backup for WordPress plugin <= 2.5.1 - Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability

Arbitrary Schedule Settings Update via Cross-Site Request Forgery (CSRF) vulnerability discovered by Daniel Ruf in WordPress Database Backup for WordPress plugin versions <= 2.5.1. Solution: Update the WordPress Database Backup for WordPress plugin to the latest available version (at least 2.5.2)...

5.8 CVSS · 4 AI score · 0.00402 EPSS
Exploits 2 · References 3 · Affected Software 1
wpexploit
added 2022/05/11 12:0 a.m. · 121 views

Database Backup for WordPress < 2.5.2 - Arbitrary Schedule Settings Update via CSRF

The plugin does not have CSRF check in place when updating the schedule backup settings, which could allow an attacker to make a logged in admin change them via a CSRF attack. This could lead to cases where attackers can send backup notification emails to themselves, which contain more details. O...

5.8 CVSS · 1 AI score · 0.00402 EPSS
Exploits 2
ATTACKERKB
added 2022/03/28 6:15 p.m. · 3 views

CVE-2022-0833

The Church Admin WordPress plugin before 3.4.135 does not have authorisation and CSRF in some of its action as well as requested files, allowing unauthenticated attackers to repeatedly request the "refresh-backup" action, and simultaneously keep requesting a publicly accessible temporary file...

4.3 CVSS · 5.5 AI score · 0.00487 EPSS
Exploits 2 · References 2
Positive Technologies
added 2022/03/28 12:0 a.m. · 5 views

PT-2022-13457 · WordPress · Church Admin

Name of the Vulnerable Software and Affected Versions: Church Admin WordPress plugin versions prior to 3.4.135 Description: The issue allows unauthenticated attackers to exploit the lack of authorization and CSRF protection in certain actions and requested files. This enables them to repeatedly...

4.3 CVSS · 4.5 AI score · 0.00487 EPSS
Exploits 2 · References 4
Packet Storm
added 2022/03/21 12:0 a.m. · 216 views

ICT Protege GX/WX 2.08 Cross Site Scripting

ICT Protege GX/WX 2.08 Authenticated Stored XSS Vulnerability Vendor: Integrated Control Technology Ltd. Product web page: https://www.ict.co Affected version: GX: Ver: 2.08.1002 K1B3 Lib: 04.00.217 Int: 2.3.235.J013 OS: 2.0.20 WX: Ver: 4.00 284 H062 App: 02.08.766 Lib: 04.00.169 Int: 02.2.208...

7.4 AI score
Exploits 0
CNVD
added 2022/02/23 12:0 a.m. · 17 views

WordPress Database Backup Plugin SQL injection vulnerability

WordPress is the WordPress Foundation's blogging platform, developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is a WordPress open source application plugin. The WordPress Database Backup Plugin has a SQL injecti...

7.2 CVSS · 2.6 AI score · 0.01265 EPSS
Exploits 2 · References 1
OSV
added 2022/02/21 11:15 a.m. · 4 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

7.2 CVSS · 5.8 AI score · 0.01265 EPSS
Exploits 2 · References 1
NVD
added 2022/02/21 11:15 a.m. · 16 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

7.2 CVSS · 0.01265 EPSS
Exploits 2 · References 1
ATTACKERKB
added 2022/02/21 11:15 a.m. · 6 views

CVE-2022-0255

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

7.2 CVSS · 7.2 AI score · 0.01265 EPSS
Exploits 2 · References 2
Prion
added 2022/02/21 11:15 a.m. · 15 views

SQL injection

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

6.5 CVSS · 7.3 AI score · 0.01265 EPSS
Exploits 2 · References 1 · Affected Software 1
CVE
added 2022/02/21 10:46 a.m. · 112 views

CVE-2022-0255

The CVE-2022-0255 entry concerns the WordPress Database Backup plugin (before 2.5.1). The vulnerability is a SQL injection in the admin dashboard caused by improper sanitisation/escaping of the fragment parameter before use in SQL. Affected component: the admin-side handling of the fragment param...

7.2 CVSS · 7.2 AI score · 0.01265 EPSS
Exploits 2 · References 1 · Affected Software 1
Cvelist
added 2022/02/21 10:46 a.m. · 23 views

CVE-2022-0255 Database Backup for WordPress < 2.5.1 - Admin+ SQL Injection

The Database Backup for WordPress plugin before 2.5.1 does not properly sanitise and escape the fragment parameter before using it in a SQL statement in the admin dashboard, leading to a SQL injection issue...

7.5 AI score · 0.01265 EPSS
Exploits 2 · References 1