27 matches found
EUVD-2021-11660
Malware in sbrugna...
EUVD-2024-21014
Malicious code in bioql PyPI...
CVE-2024-23519
Cross-Site Request Forgery CSRF vulnerability in M Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
CVE-2021-24748
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
CVE-2024-23519
Cross-Site Request Forgery CSRF vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
CVE-2024-23519
Cross-Site Request Forgery CSRF vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
WordPress Plugin Email Before Download Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-23519
CVE-2024-23519 is a CSRF vulnerability in the WordPress plugin Email Before Download (M&S Consulting) affecting versions up to 6.9.7. The NVD/patch sources indicate a high-impact issue (CVSS v3.1 base score 8.8; network attack vector, no privileges required, user interaction required) that could ...
CVE-2024-23519 WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
CVE-2024-23519 WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in M&S Consulting Email Before Download.This issue affects Email Before Download: from n/a through 6.9.7...
PT-2024-19920 · Unknown · M&S Consulting Email Before Download
Name of the Vulnerable Software and Affected Versions: M&S Consulting Email Before Download versions n/a through 6.9.7 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a w...
Email Before Download <= 6.9.7 - Cross-Site Request Forgery
Description The Email Before Download plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.9.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forg...
WordPress Email Before Download Plugin <= 6.9.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Email Before Download Type Plugin Vulnerable versions = 6.9.7 Fixed in 6.9.8 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-23519 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 0219cc769beb Credits Mika Required...
CVE-2021-24748
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
CVE-2021-24748
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
CVE-2021-24748
CVE-2021-24748 affects the Email Before Download WordPress plugin prior to version 6.8. The vulnerability arises from improper validation/escaping of order and orderby GET parameters used in SQL statements, causing authenticated SQL injection. Impact per sources includes high-severity exposure (C...
CVE-2021-24748 Email Before Download < 6.8 - Admin+ SQL Injection
The Email Before Download WordPress plugin before 6.8 does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues...
WordPress和WordPress 插件 SQL注入漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an open source application plugin for WordPress. A SQL injection vulnerability exists in The Email Before...
Email Before Download < 6.8 - Admin+ SQL Injection
The plugin does not properly validate and escape the order and orderby GET parameters before using them in SQL statements, leading to authenticated SQL injection issues PoC...