9 matches found
EUVD-2021-34252
Malicious code in bioql PyPI...
WordPress Defender Security Plugin <= 3.3.2 is vulnerable to Broken Authentication
Software: Defender Security; Type: Plugin; Vulnerable versions: = 3.3.2; Fixed in: 3.3.3; OWASP Top 10: A2: Broken Authentication; Classification: Broken Authentication; CVE: CVE-2022-44581; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: e5d5684810f0; Credits: Snicco; Required privilege...
WordPress plugin Defender Security security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Defender Security Plugin <= 4.4.1 is vulnerable to Bypass Vulnerability
Software: Defender Security; Type: Plugin; Vulnerable versions: = 4.4.1; Fixed in: 4.4.2; OWASP Top 10: A5: Security Misconfiguration; Classification: Bypass Vulnerability; CVE: CVE-2024-25595; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 5f5aded4cf8d; Credits: Yudistira Arya; Required privile...
WordPress Defender Security Plugin <= 4.1.0 is vulnerable to Sensitive Data Exposure
Software: Defender Security; Type: Plugin; Vulnerable versions: = 4.1.0; Fixed in: 4.2.0; OWASP Top 10: A9: Security Logging and Monitoring Failures; Classification: Sensitive Data Exposure; CVE: CVE-2023-51490; Patch priority: Low; CVSS severity: Low 5.3; Developer: WPMU DEV; PSID: 6b8b4abdceeb; Credits: Joshua Chan...
PT-2023-31704
Name of the Vulnerable Software and Affected Versions Defender Security WordPress plugin versions prior to 4.1.0 Description The issue allows an unauthenticated visitor to access the login page, even when the hide login page functionality of the plugin is enabled, due to the plugin not preventing...
CVE-2021-4425 Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...
CVE-2021-4425 Defender Security <= 2.4.6 - Cross-Site Request Forgery Bypass
The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...
WordPress Defender Security plugin <= 3.3.2 - Broken Authentication vulnerability
Broken Authentication vulnerability discovered by Calvin Alkan in the WordPress Defender Security plugin versions = 3.3.2. Solution: Update the WordPress Defender Security plugin to the latest available version (at least 3.3.3)...