6 matches found
CVE-2026-45610
WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FA(User::getId(), false) on the session-authenticated user, and...
WordPress plugin WP Shopping Pages Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting...
PT-2021-16273 · WordPress · Wp Debugging
Name of the Vulnerable Software and Affected Versions: WP Debugging WordPress plugin versions prior to 2.11.0. Description: The issue concerns the update settings function, which is hooked to admin init and lacks authorization and CSRF checks. This allows settings to be updated by unauthenticated...
GHSA-GJWP-7V3G-99PJ Cross-site Request Forgery (CSRF) in joplin
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...
Cross-site Request Forgery (CSRF) in joplin
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...
CVE-2021-23431 Cross-site Request Forgery (CSRF)
The package joplin before 2.3.2 is vulnerable to Cross-site Request Forgery (CSRF) due to missing CSRF checks in various forms...