9 matches found
EUVD-2022-42648
Malicious code in bioql PyPI...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
Cross site request forgery (csrf)
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The CVE-2022-3240 entry concerns WordPress plugin Follow Me Plugin (versions ≤ 3.1.1). Root cause: missing nonce validation on FollowMeIgniteSocialMedia_options_page() enables CSRF, allowing unauthenticated attackers to alter plugin settings and inject JavaScript; WPVulnDB also notes potential St...
PT-2022-21296 · WordPress · Follow Me Plugin
Name of the Vulnerable Software and Affected Versions: Follow Me Plugin versions up to, and including, 3.1.1 Description: The issue is due to missing nonce validation on the FollowMeIgniteSocialMedia options page function, making it possible for unauthenticated attackers to modify the plugin's...