108 matches found
WordPress Newspack Newsletters plugin <= 2.13.2 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Newsletters versions = 2.13.2...
WordPress Newspack Newsletters Plugin <= 2.13.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Newspack Newsletters Type Plugin Vulnerable versions = 2.13.2 Fixed in 2.13.3 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-37242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8f54e12bc4ce Credits Rafie Muhamm...
WordPress Newspack Blocks plugin <= 3.0.8 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Rafie Muhammad Patchstack in WordPress Plugin Newspack Blocks versions = 3.0.8...
WordPress Newspack Blocks Plugin <= 3.0.8 is vulnerable to Sensitive Data Exposure
Software Newspack Blocks Type Plugin Vulnerable versions = 3.0.8 Fixed in 3.0.9 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-37115 Patch priority High CVSS severity High 7.5 Developer Claim ownership PSID 4f21501b4dac Credits Rafie Muhammad Patchstack...
Automattic: Authentication & Registration Bypass in Newspack Extended Access
The Newspack Extended Access plugin omitted to verify JWT signing on the registration and login JSON endpoint. This permitted registration of accounts with arbitrary user-supplied details, and authentication bypass and account hijack if a target account email was known...
Automattic: Authentication & Registration Bypass in Newspack Extended Access
The Newspack Extended Access plugin failed to validate the JWT signing on the registration and login JSON endpoint. This allowed for the registration of accounts with arbitrary user-supplied details and authentication bypass if a target account email was known...
Malicious code in newspack-blocks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19d89b9d3f2015dea066768f0f4932002b56fe3f15314f22cd1624289d77e654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2022-4821 Malicious code in newspack-blocks (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 19d89b9d3f2015dea066768f0f4932002b56fe3f15314f22cd1624289d77e654 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...