130 matches found

CNNVD
added 2021/04/05 12:0 a.m., 4 views

WordPress Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports setting up personal blog sites on PHP and MySQL servers. Responsive Menu free and Pro WordPress plugins before 4.0.4 A cross-site request forgery vulnerability...

CVSS 8.8 | AI score 7.7 | EPSS 0.00796
Exploits: 2 | References: 4

OSV
added 2021/03/11 8:15 p.m., 3 views

CVE-2020-29045

The food-and-drink-menu plugin through 2.2.0 for WordPress allows remote attackers to execute arbitrary code because of an unserialize operation on the fdmcart cookie in loadcartfromcookie in includes/class-cart-manager.php...

CVSS 9.8 | AI score 7.6 | EPSS 0.30798
Exploits: 1 | References: 2

Patchstack
added 2021/02/10 12:0 a.m., 14 views

WordPress Responsive Menu plugin <= 4.0.3 - Cross-Site Request Forgery (CSRF) leading to Setting Modification vulnerability

Cross-Site Request Forgery (CSRF) leading to Setting Modification vulnerability found by WordFence in WordPress Responsive Menu plugin versions <= 4.0.3. Solution: Update the WordPress Responsive Menu plugin to the latest available version (at least 4.0.4)...

AI score 3.5
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2020/09/09 12:0 a.m., 11 views

WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin <= 2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found by Antony Garand (Sucuri) in WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin versions <= 2.2. Solution: Update the WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin to the latest available version (at least 2.21)...

AI score 1.2
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2020/08/28 12:0 a.m., 10 views

WordPress Admin Menu plugin <= 1.1 - Authenticated Cross-Site Scripting (XSS) vulnerability

Authenticated Cross-Site Scripting (XSS) vulnerability found by zerodetail & ratherbland in WordPress Admin Menu plugin versions <= 1.1. Solution: Plugin closed. Deactivate and delete...

AI score 2.4
Exploits: 0 | References: 2 | Affected Software: 1

CNVD
added 2020/08/28 12:0 a.m., 3 views

WP Admin Menu Cross-Site Scripting Vulnerability

WordPress is a blogging platform developed using the PHP language, which supports the setting up of personal blog sites on servers with PHP and MySQL. It is widely used internationally and can be compatible with self-developed plug-ins. Powerful and widely used. Cross-site scripting vulnerability...

CVSS 6.1 | AI score 6.2 | EPSS 0.00866
Exploits: 1 | References: 1

Prion
added 2019/08/14 4:15 p.m., 18 views

Cross site request forgery (csrf)

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

CVSS 6.8 | AI score 8.7 | EPSS 0.00649
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2019/08/14 3:31 p.m., 18 views

CVE-2017-18513

The responsive-menu plugin before 3.1.4 for WordPress has no CSRF protection mechanism for the admin interface...

AI score 8.9 | EPSS 0.00649
Exploits: 0 | References: 1

CVE
added 2019/08/14 3:31 p.m., 57 views

CVE-2017-18513

Affected software: WordPress, plugin “responsive-menu” prior to 3.1.4. Root cause: missing CSRF protection in the admin interface. Vulnerability description: CVE-2017-18513 documents a CSRF risk for admin actions in the responsive-menu plugin. Multiple connected sources (Red Hat, CNVD, NVD, PRION...

CVSS 8.8 | AI score 8.8 | EPSS 0.00649
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2017/06/12 12:0 a.m., 8 views

WordPress Responsive Menu plugin <= 3.1.3 - Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerability

WordPress Responsive Menu plugin Cross-Site Request Forgery (CSRF) and Cross-Site Scripting (XSS) Vulnerabilities. There's a lack of sanitization for saving the options in the updateOptions function, in the /app/Controllers/AdminController.php file. Also, a nonce is missing in the plugin's settings page...

AI score 2.1
Exploits: 0 | References: 2 | Affected Software: 1