345 matches found
CVE-2021-4398
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the atsaveaturlmeta function. This makes it possible for unauthenticated attackers to update meta data vi...
Cross site request forgery (csrf)
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...
CVE-2020-36746 Menu Swapper <= 1.1.0.2 - Cross-Site Request Forgery Bypass
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...
CVE-2021-4394
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4389
The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...
CVE-2021-4392
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated...
CVE-2021-4394 Locations <= 3.2.1 - Cross-Site Request Forgery Bypass
The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to update custom field meta data via ...
CVE-2021-4392 eCommerce Product Catalog Plugin for WordPress <= 2.9.43 - Cross-Site Request Forgery Bypass
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated...
PT-2023-12504 · WordPress · Ecommerce Product Catalog Plugin
Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions up to, and including, 2.9.43. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the implecode save products meta function. Th...
CVE-2023-35173
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded...
End-to-End encrypted file-drops can be made inaccessible
SUSE CVE-2023-28646
Nextcloud Android is an Android app for interfacing with the Nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a third-party app. This allows to see meta...
WordPress plugin Meta Data and Taxonomies Filter cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
CVE-2023-28664
CVE-2023-28664 (WordPress MDTF plugin) affects WordPress Meta Data and Taxonomies Filter Plugin versions before 1.3.1. A reflected cross-site scripting vulnerability exists in the tax_name parameter of the mdf_get_tax_options_in_widget action that can be triggered by an authenticated user. The is...
SUSE CVE-2016-10712
In PHP before 5.5.32, 5.6.x before 5.6.18, and 7.x before 7.0.3, all of the return values of stream_get_meta_data can be controlled if the input can be controlled (e.g., during file uploads). For example, a "$uri = stream_get_meta_data(fopen($file, "r"))['uri']" call mishandles the case where $file is...
[SECURITY] [DLA 3186-1] exiv2 security update
Debian LTS Advisory DLA-3186-1 · https://www.debian.org/lts/security/ · Dominik George · November 10, 2022 · https://wiki.debian.org/LTS · Package: exiv2 · Version: 0.25-4+deb10u3 · CVE ID: CVE-2017-11683, CVE-2020-19716, CVE-2022-3756 · Debian Bug: 876893 · Three vulnerabilities have...
container-tools:3.0 bug fix update
An update is available for fuse-overlayfs, container-selinux, udica, runc, toolbox, podman, conmon, skopeo, crun, libslirp, oci-seccomp-bpf-hook, slirp4netns, containernetworking-plugins, buildah, criu, cockpit-podman. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS...