51 matches found
Cross site request forgery (csrf)
The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeedduplicatefeed. This make it possible for unauthenticated attackers to duplicate...
WordPress plugin Image Slider 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Image Slider 1.1.1...
WordPress Delete Duplicate Posts plugin < 4.7.6 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress Delete Duplicate Posts plugin versions 4.7.6. Solution Update the WordPress Delete Duplicate Posts plugin to the latest available version at least 4.7.6...
WordPress Delete Duplicate Posts plugin < 4.7.6 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress Delete Duplicate Posts plugin versions 4.7.6. Solution Update the WordPress Delete Duplicate Posts plugin to the latest available version at least 4.7.6...
Logo Carousel < 3.4.2 - Unauthorised Private Post Access
The plugin allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature PoC 1 Go to Logo Carousel - Shortcode Generator. 2 If there is no carousel, create one. 3 Copy URL of the "Duplicate" link under the...
WordPress Delete Duplicate Posts plugin <= 4.1.9.4 - Authenticated Option Update vulnerability (Fremius Library security issue)
Authenticated Option Update vulnerability Fremius Library security issue in WordPress Delete Duplicate Posts plugin versions = 4.1.9.4. Solution Update the WordPress Delete Duplicate Posts plugin to the latest available version at least 4.1.9.5...
Cross site request forgery (csrf)
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
CVE-2018-1000505
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
CVE-2018-1000505
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
CVE-2018-1000505
Tooltipy tooltips for WP version 5 contains a Cross ite Request Forgery CSRF vulnerability in Settings page that can result in could allow anybody to duplicate posts. This attack appear to be exploitable via Admin must follow a link. This vulnerability appears to have been fixed in 5.1...
CVE-2018-1000505
Tooltipy (tooltips for WP) version 5 contains a Cross-Site Request Forgery (CSRF) vulnerability in the Settings page that could allow an attacker to cause a post to be duplicated. The issue is exploitable via a link the admin must follow, and affects the plugin’s 5.x line. It is stated to be fixe...