153 matches found
CVE-2024-4480
CVE-2024-4480 concerns the WP Prayer II WordPress plugin (
CVE-2024-4480 WP Prayer II <= 2.4.7 - Email Settings Update via CSRF
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin WP Prayer II security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
CVE-2024-28968
Dell SCG, versions prior to 5.24.00.00, contain an Improper Access Control vulnerability in the SCG exposed for internal email and collection settings REST APIs if enabled by Admin user from UI. A remote low privileged attacker could potentially exploit this vulnerability, leading to the executio...
Dell Secure Connect Gateway Access Control Error Vulnerability
Dell Secure Connect Gateway is a secure connectivity gateway from Dell USA. An access control error vulnerability exists in Dell Secure Connect Gateway versions prior to 5.24.00.00, which stems from an improperly access-controlled internal email and collection settings REST API, which could be...
CVE-2024-33470
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2024-33470
The CVE-2024-33470 entry affects AVTECH Room Alert 4E v4.4.0, with a root cause in the SMTP Email Settings that can expose credentials in plaintext via a passback attack. The issue is documented across multiple sources (including PT-2024-25275) and is tied to products that are no longer supported...
CVE-2024-33470
An issue in the SMTP Email Settings of AVTECH Room Alert 4E v4.4.0 allows attackers to gain access to credentials in plaintext via a passback attack. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
WordPress WP Prayer II plugin <= 2.4.7 - CSRF Leading to Email Settings Change vulnerability
CSRF Leading to Email Settings Change vulnerability discovered by Bob Matyas in WordPress Plugin WP Prayer II versions = 2.4.7...
PT-2024-25275 · Avtech · Avtech Room Alert 4E
Name of the Vulnerable Software and Affected Versions: AVTECH Room Alert 4E version 4.4.0 Description: An issue in the SMTP Email Settings allows attackers to gain access to credentials in plaintext via a passback attack. This issue only affects products that are no longer supported by the...
WP Prayer II <= 2.4.7 - Email Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack Have an admin open an HTML file containing:...
WP Prayer II <= 2.4.7 - Email Settings Update via CSRF
Description The plugin does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack PoC Have an admin open an HTML file containing:...
CVE-2024-3406
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3406 WP Prayer <= 2.0.9 - Email Settings Update via CSRF
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-3406
CVE-2024-3406 affects WP Prayer WordPress plugin up to version 2.0.9 and older, lacking CSRF protection when updating email settings. This enables a logged-in admin to change settings via CSRF. CVSSv3.1 base score 8.8 (HIGH). Remediation noted across sources as updating to a version that adds a C...
WordPress plugin WP Prayer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-25672
Name of the Vulnerable Software and Affected Versions WP Prayer WordPress plugin versions 2.0.9 and earlier Description The issue concerns a lack of CSRF check when updating email settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could potentially...
CVE-2023-44425
D-Link DIR-X3260 SetSysEmailSettings AccountName Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...
CVE-2023-44422
D-Link DIR-X3260 SetSysEmailSettings EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-X3260 routers. Although authentication is required to exploit this...