10 matches found
EUVD-2021-11587
Malware in sbrugna...
CVE-2021-24675
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on pages where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...
CVE-2021-24672
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
WordPress Plugin Cross-Site Scripting Vulnerability (CNVD-2021-103642)
WordPress is the WordPress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. WordPress One User Avatar plugin in versions prior to 2.3.7 has a cross-site scripting vulnerability that stems from a lack...
CVE-2021-24672
The One User Avatar WordPress plugin before 2.3.7 does not escape the link and target attributes of its shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2021-24675
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on pages where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...
CVE-2021-24675
The One User Avatar WordPress plugin before 2.3.7 does not check for CSRF when updating the avatar on pages where the avatarupload shortcode is embedded. As a result, attackers could make a logged-in user change their avatar via a CSRF attack...
CVE-2021-24675
CVE-2021-24675 concerns the WordPress plugin “One User Avatar” (before 2.3.7). The vulnerability arises because the plugin does not verify CSRF when updating the avatar via the [avatar_upload] shortcode, allowing a logged-in attacker to induce a CSRF attack that changes a user’s avatar. Affected ...
WordPress Plugin Cross-Site Request Forgery Vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress Plugin is an open source application plugin for WordPress. A cross-site request forgery vulnerability...
WordPress One User Avatar plugin <= 2.3.6 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability discovered by apple502j in WordPress One User Avatar plugin (versions <= 2.3.6). Solution: Update the WordPress One User Avatar plugin to the latest available version (at least 2.3.7)...