EUVD-2021-31155
Malicious code in bioql PyPI...
CVE-2024-3474
The Wow Skype Buttons WordPress plugin before 4.0.4 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting buttons via CSRF attacks...
PT-2024-33870 · WordPress · Wp Stacker
Name of the Vulnerable Software and Affected Versions: WP Stacker WordPress plugin versions 1.8.5 and earlier Description: The issue concerns a lack of CSRF check in some areas and missing sanitization as well as escaping. This could allow attackers to make logged-in admins add Stored XSS payload...
WordPress Plugin Splashscreen Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
Secomea SiteManager Security Vulnerability
Secomea SiteManager is a software application from Secomea, Denmark. It provides a remote maintenance function for industrial equipment. A security vulnerability exists in Secomea SiteManager that stems from a debugging tool that allows logged-in administrators to modify the system state in an...
HCL Technologies Traveler Cross-Site Scripting Vulnerability
HCL Technologies Traveler is a software from HCL Technologies, India. It is used to provide automatic, bi-directional, wireless synchronization between HCL Domino servers and wireless handheld devices. A security vulnerability exists in HCL Technologies Traveler versions prior to 12.0.1.2, which...
WordPress plugin CaPa Protect Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. The WordPress CaPa Protect plugin is vulnerable to cross-site request forgery, which stems from the failu...
WordPress plugin WP-EMail Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress WP-EMail plugin versions prior to 2.69.0 are vulnerable to cross-site request forgery, whic...
CVE-2021-24832
The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have a CSRF check in place when deleting redirects, which could allow attackers to make a logged-in admin delete them via a CSRF attack...
St Daily Tip <= 4.7 - CSRF to Stored Cross-Site Scripting
The plugin does not have any CSRF check in place when saving its 'Default Text to Display if no tips' setting, and was also lacking sanitisation as well as escaping before outputting it in the page. This could allow attackers to make logged-in administrators set a malicious payload in it, leading to ...
Larsens Calender <= 1.2 - Stored Cross-Site Scripting (XSS)
The plugin does not sanitise or encode the Title of the calendar entries when outputting them in the admin dashboard, leading to a Stored XSS issue. Due to the lack of CSRF check, this can be exploited by a CSRF attack, making logged-in administrators create malicious entries. PoC: The PoC will be...
Elementor Contact Form DB < 1.6 - Plugin Settings Cross-Site Request Forgery
The plugin lacked CSRF nonces, which could allow attackers to make logged in administrators perform unwanted actions, such as change the plugin's settings via a CSRF attack...
CVE-2018-16259
There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via pmxi-admin-settings largefeedlimit. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of b...
File Manager < 3.0 - Authenticated Reflected Cross-Site Scripting (XSS)
Lack of sanitisation in the lang parameter in the admin dashboard could allow attackers to perform reflected XSS attacks against logged-in administrators. PoC: https://example.com/wp-admin/admin.php?page=wpfilemanager&lang=zhCNalertXSS...