EUVD-2022-25071

Malicious code in bioql PyPI...

CVE-2024-10854

The Buy one click WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the buyoneclickimportoptions AJAX action in all versions up to, and including, 2.2.9. This makes it possible for authenticated attackers, with Subscriber-leve...

WordPress Buy one click WooCommerce plugin <= 2.2.9 - Missing Authorization to Authenticated (Subscriber+) Settings Export vulnerability

Missing Authorization to Authenticated Subscriber+ Settings Export vulnerability discovered by incognito in WordPress Plugin Buy one click WooCommerce versions = 2.2.9...

CVE-2022-1791

The CVE refers to the WordPress plugin One Click Plugin Updater, affected ≤ 2.4.14, which lacks CSRF protection when updating settings. The root cause is missing CSRF checks, enabling a logged-in admin to alter settings via CSRF and disable/hide the updates badge and related checks. Exploitation ...

WordPress plugin One Click Plugin Updater 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...