49 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47443 WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Daniel Powney Multi Rating plugin = 5.0.5 versions...
CVE-2022-47443
CVE-2022-47443 pertains to the WordPress Multi Rating plugin (Daniel Powney)
PT-2023-15319 · WordPress · Daniel Powney Multi Rating
Name of the Vulnerable Software and Affected Versions: Daniel Powney Multi Rating plugin versions = 5.0.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This means an attacker could potentially trick a user into performing unintended actions on a web...
WordPress Plugin Daniel Powney Multi Rating 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Daniel...
WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Cross Site Scripting (XSS)
Software Multi Rating Type Plugin Vulnerable versions = 5.0.6 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2022-47433 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID dedf07346191 Credits minhtuanact Required...
WordPress Multi Rating Plugin <= 5.0.6 is vulnerable to Broken Access Control
Software Multi Rating Type Plugin Vulnerable versions = 5.0.6 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-25053 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 49ce4d920ef6 Credits minhtuanact Required privilege...
WordPress Multi Rating Plugin <= 5.0.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Multi Rating Type Plugin Vulnerable versions = 5.0.5 Fixed in 5.0.6 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-47443 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 1dcbbd6b8544 Credits rezaduty Required...
Multi Rating < 5.0.6 - Ratings Deletion via CSRF
The plugin does not have CSRF check when deleting ratings, which could allow attackers to make logged in admins to perform such action via a CSRF attack...