13 matches found
EUVD-2018-1904
Malware in sbrugna...
WordPress Metronet Tag Manager Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Software Foundation's set of blogging platform developed using the PHP language, the platform supports PHP and MySQL servers to set up a personal blog site.Metronet Tag Manager is used in one of the tracking code manager plugin. A cross-site request forgery vulnerabilit...
Cross site request forgery (csrf)
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery CSRF vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must...
CVE-2018-1000506
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery CSRF vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must...
CVE-2018-1000506
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery CSRF vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must...
CVE-2018-1000506
The issue affects the WordPress plugin Metronet Tag Manager, version 1.2.7. It contains a Cross-Site Request Forgery (CSRF) vulnerability on the Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can allow a logged-in attacker to perform administrator actions. The vulnerab...
CVE-2018-1000506
Metronet Tag Manager version 1.2.7 contains a Cross ite Request Forgery CSRF vulnerability in Settings page /wp-admin/options-general.php?page=metronet-tag-manager that can result in allows anybody to do almost anything an admin can. This attack appear to be exploitable via Logged in user must...
WordPress Metronet Tag Manager plugin <=1.2.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability found by Tom Adams dxw in WordPress Metronet Tag Manager plugin versions =1.2.7. Solution Update the WordPress Metronet Tag Manager plugin to the latest available version at least 1.2.9...
WordPress Metronet Tag Manager 1.2.7 Plugin - Cross-Site Request Forgery Vulnerability
Exploit for php platform in category web applications Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or later...
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or...
WordPress Plugin Metronet Tag Manager 1.2.7 - Cross-Site Request Forgery
Press submit on a page containing the following HTML snippet: alert1" !-- In a real attack, the form can be made to autosubmit so the victim only has to follow a link. Mitigations ================ Upgrade to version 1.2.9 or later. Disclosure policy ================ dxw believes in respon...
Metronet Tag Manager 1.2.7 Cross Site Request Forgery
Details ================ Software: Metronet Tag Manager Version: 1.2.7 Homepage: https://wordpress.org/plugins/metronet-tag-manager/ Advisory report: https://advisories.dxw.com/advisories/csrf-metronet-tag-manager/ CVE: Awaiting assignment CVSS: 5.8 Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N Description...
Metronet Tag Manager <= 1.2.7 - Cross-Site Request Forgery (CSRF)
The Metronet Tag Manager WordPress plugin was affected by a Cross-Site Request Forgery CSRF security vulnerability...