118 matches found
CVE-2022-4936
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...
CVE-2022-4936
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...
SUSE CVE-2009-0499
Cross-site request forgery CSRF vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php...
Improper Authentication
github.com/usememos/memos is vulnerable to improper authentication. Improper authentication allows an attacker to delete posts on the user's behalf...
Heap overflow
The Workreap WordPress theme before 2.6.4 does not verify that an addon service belongs to the user issuing the request, or indeed that it is an addon service, when processing the workreapaddonsserviceremove action, allowing any user to delete any post by knowing or guessing the id...
WordPress theme Workreap 安全漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Workreap versions prior to 2.6.4. An...
WordPress plugin Registration Forms 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A security vulnerability exists in the WordPress plugin...
WordPress plugin Easy Digital Downloads 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in the...
CVE-2022-2275
The WP Edit Menu WordPress plugin before 1.5.0 does not have CSRF in an AJAX action, which could allow attackers to make a logged in admin delete arbitrary posts/pages from the blog via a CSRF attack...
CVE-2022-2276
The WP Edit Menu WordPress plugin before 1.5.0 does not have authorisation and CSRF in an AJAX action, which could allow unauthenticated attackers to delete arbitrary posts/pages from the blog...
WordPress plugin WP Edit Menu 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2022-31295
An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...
CVE-2022-31295
An issue in the deletepost function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts...
CVE-2022-1779
The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...
Cross site request forgery (csrf)
The Auto Delete Posts WordPress plugin through 1.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and delete specific posts, categories and attachments at once...
CVE-2022-1779
The CVE-2022-1779 vulnerability affects the WordPress plugin Auto Delete Posts up to version 1.3.0. The issue is a missing CSRF check when updating plugin settings, enabling a logged‑in administrator to alter settings via CSRF and trigger deletion of specific posts, categories, and attachments. T...
WordPress Auto Delete Posts plugin <= 1.3.0 - Arbitrary Settings Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Settings Update via Cross-Site Request Forgery CSRF vulnerability discovered by Daniel Ruf in WordPress Auto Delete Posts plugin versions = 1.3.0. Solution Deactivate and delete. This plugin has been closed as of May 18, 2022 and is not available for download. This closure is temporary,...
EC-CUBE Easy Blog for EC-CUBE4 跨站请求伪造漏洞
EC-CUBE Easy Blog for EC-CUBE4 is a component of the content management system from EC-CUBE Japan. EC-CUBE Easy Blog for EC-CUBE4 1.0.1 and earlier versions are vulnerable to cross-site request forgery, which stems from insufficient authentication of the source of HTTP requests. A remote,...
CVE-2021-24978
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
CVE-2022-25576
Anchor CMS v0.12.7 was discovered to contain a Cross-Site Request Forgery CSRF via the component anchor/routes/posts.php. This vulnerability allows attackers to arbitrarily delete posts...