105 matches found
CVE-2022-41781
The CVE-2022-41781 entry concerns the WordPress Permalink Manager Lite plugin, version
PT-2022-26071 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin versions = 2.2.20 Description: The issue is related to a Broken Access Control vulnerability. Recommendations: For Permalink Manager Lite plugin versions = 2.2.20, update to a version higher than 2.2.20 to resolv...
WordPress Permalink Manager Lite Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Permalink Manager Lite 2.2.20.1 and prior versions, which stems from missing or...
WordPress plugin Permalink Manager Lite 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports the hosting of personal blogging sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress...
CVE-2022-4021
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
CVE-2022-4021
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
Cross site request forgery (csrf)
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
CVE-2022-4021 Permalink Manager Lite <= 2.2.20.1 - Cross-Site Request Forgery
The Permalink Manager Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.2.20.1. This is due to missing or incorrect nonce validation on the extraactions function. This makes it possible for unauthenticated attackers to change plugin settings...
CVE-2022-4021
The CVE-2022-4021 entry concerns the WordPress Permalink Manager Lite plugin (vulnerable up to and including 2.2.20.1) with a CSRF flaw in the extra_actions function due to missing/incorrect nonce validation. This allows unauthenticated attackers to alter plugin settings, including permalinks and...
PT-2022-25285 · WordPress · Permalink Manager Lite
Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.2.20.1 Description: The issue is due to missing or incorrect nonce validation on the extra actions function, making it possible for unauthenticated attackers to chan...
Permalink Manager Lite < 2.2.20.2 - Settings Update via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Permalink Manager Lite 跨站请求伪造漏洞
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in WordPress Permalink Manager Lite 2.2.20.1 and prior versions, which stems from missing or...
Permalink Manager Lite < 2.2.20.1 - Unauthenticated URI Deletion
The plugin does not have authorisation checks when deleting URI, which could allow unauthenticated attackers to delete them...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
CVE-2022-0201
The Permalink Manager Lite WordPress plugin before 2.2.15 and Permalink Manager Pro WordPress plugin before 2.2.15 do not sanitise and escape query parameters before outputting them back in the debug page, leading to a Reflected Cross-Site Scripting issue...
WordPress plugin 跨站脚本漏洞
WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. A cross-site scripting vulnerability exists in WordPress Permalink Manager Lite and Permalink Manager Pro plugins prior to version 2.2.15, which stems from the plugin's failure to clean up and...
WordPress Permalink Manager Lite plugin <= 2.2.14 - Unauthorized Reflected Cross-Site Scripting (XSS) vulnerability
Unauthorized Reflected Cross-Site Scripting XSS vulnerability discovered by Krzysztof Zając in WordPress Permalink Manager Lite plugin versions = 2.2.14. Solution Update the WordPress Permalink Manager Lite plugin to the latest available version at least 2.2.15...
CVE-2021-24769
The Permalink Manager Lite WordPress plugin before 2.2.13.1 does not validate and escape the orderby parameter before using it in a SQL statement in the Permalink Manager page, leading to a SQL Injection...