7 matches found
WordPress Arena.IM - Live Blogging for real-time events plugin <= 0.3.0 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability
WordPress Arena.IM - Live Blogging for real-time events plugin = 0.3.0 - Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by SOPROBRO in WordPress Plugin Arena.IM – Live Blogging for real-time events versions = 0.3.0...
CVE-2024-12463
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'arenaembedamp' shortcode in all versions up to, and including, 0.4.1 due to insufficient input sanitization and output escaping on user supplied attributes. This...
CVE-2024-12526
The Arena.IM – Live Blogging for real-time events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.1. This is due to missing or incorrect nonce validation on the 'albfreuseraction' AJAX action. This makes it possible for unauthenticated...
WordPress Arena.IM – Live Blogging for real-time events plugin <= 0.4.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Peter Thaleikis in WordPress Plugin Arena.IM – Live Blogging for real-time events versions = 0.4.1...
WordPress plugin Arena.IM – Live Blogging for real-time events 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2024-17640 · WordPress · Arena.Im
Name of the Vulnerable Software and Affected Versions: Arena.IM – Live Blogging for real-time events plugin for WordPress versions up to, and including, 0.3.0 Description: The issue is due to missing or incorrect nonce validation on the albfre user action AJAX action. This allows unauthenticated...
Security and Human Behavior (SHB) 2023
Im just back from the sixteenth Workshop on Security and Human Behavior, hosted by Alessandro Acquisti at Carnegie Mellon University in Pittsburgh. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of security, organized each year by Alessandro...