15 matches found
EUVD-2023-23756
Malicious code in bioql PyPI...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
WordPress plugin GMAce 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
CVE-2023-23861 WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in German Mesky GMAce plugin = 1.5.2 versions...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
Cross site request forgery (csrf)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
PT-2023-17044 · WordPress · Gmace
Name of the Vulnerable Software and Affected Versions: GMAce plugin for WordPress versions up to, and including, 1.5.2 Description: The issue is due to missing nonce validation on the gmace manager server function called via the wp ajax gmace manager AJAX action. This allows unauthenticated...
WordPress Plugin GMAce 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2023-19261 · German Mesky · Gmace Plugin
Name of the Vulnerable Software and Affected Versions: German Mesky GMAce plugin versions = 1.5.2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is authenticat...
WordPress GMAce Plugin <= 1.5.2 is vulnerable to Arbitrary File Download
Software GMAce Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A6: Security Misconfiguration Classification Arbitrary File Download CVE CVE-2023-23872 Patch priority Low CVSS severity Low 4.9 Developer Claim ownership PSID 4ffc557c3ed7 Credits Mika Required privilege Administrat...
WordPress GMAce Plugin <= 1.5.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software GMAce Type Plugin Vulnerable versions = 1.5.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-23861 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 5e49c5295a88 Credits Mika Required privilege...