269 matches found
Improper Validation
Shopware is vulnerable to Improper Validation. The vulnerability exists because the library does not properly validate the double opt-in setting in the newsletter route, allowing an attacker to skip the complete double opt-in process...
CVE-2023-22734
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This...
Design/Logic Flaw
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This...
CVE-2023-22734
CVE-2023-22734 concerns an improper validation of the newsletter double opt-in in Shopware. The vulnerability arises from the newsletter route not correctly enforcing double opt-in, potentially causing inconsistencies in newsletter systems. Documents indicate the issue has been fixed in version 6...
CVE-2023-22734 Improper Input Newsletter subscription option validation in shopware
Shopware is an open source commerce platform based on Symfony Framework and Vue js. The newsletter double opt-in validation was not checked properly, and it was possible to skip the complete double opt in process. As a result operators may have inconsistencies in their newsletter systems. This...
CVE-2022-41839
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings...
Improper access control
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings...
CVE-2022-41839 WordPress LoginPress plugin <= 1.6.2 - Broken Access Control vulnerability
Broken Access Control vulnerability in WordPress LoginPress plugin <= 1.6.2 on WordPress leading to unauth. changing of Opt-In or Opt-Out tracking settings...
CVE-2022-41839
CVE-2022-41839 affects the WordPress LoginPress plugin (versions ≤ 1.6.2). The issue is a Broken Access Control that allows unauthorized changes to Opt-In/Opt-Out tracking settings. The published sources consistently describe unauthenticated modification of tracking preferences as the impact. Rem...
PT-2022-26091 · WordPress · Wordpress Loginpress
Name of the Vulnerable Software and Affected Versions: WordPress LoginPress plugin versions 1.6.2 and earlier Description: A Broken Access Control issue exists, allowing unauthorized changes to Opt-In or Opt-Out tracking settings. Recommendations: For WordPress LoginPress plugin versions 1.6.2 an...
CVE-2022-2123
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...
Cross site request forgery (csrf)
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...
CVE-2022-2123 WP Opt-in <= 1.4.1 - Arbitrary Settings Update via CSRF
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...
CVE-2022-2123
The CVE entry CVE-2022-2123 corresponds to the WP Opt-in WordPress plugin (versions
WordPress plugin Opt-in cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Version 1.4.1 of the WordPress Opt-in plugin is vulnerable to cross-site request forgery, which can b...
CVE-2022-32553
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...