12 matches found
WordPress Pocket News Generator plugin <= 0.2.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin Pocket News Generator versions = 0.2.0...
WordPress Pocket News Generator Plugin <= 0.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Pocket News Generator Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2964 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID ea8a99346fee Credits Benedictus Jovan...
WordPress Pocket News Generator plugin <= 0.2.0 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin Pocket News Generator versions = 0.2.0...
CVE-2024-2964
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2024-2963
The Pocket News Generator plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings such as "Consumer Key" and "Access Token" in all versions up to, and including, 0.2.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-2964
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...
CVE-2024-2964 Pocket News Generator <= 0.2.0 - Cross-Site Request Forgery to Settings Update
The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...
WordPress Plugin Pocket News Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin Pocket News Generator 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Pocket News Generator Plugin <= 0.2.0 is vulnerable to Cross Site Scripting (XSS)
Software Pocket News Generator Type Plugin Vulnerable versions = 0.2.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2963 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 560f4a5e6385 Credits Benedictus Jovan...
PT-2024-22944 · WordPress · Pocket News Generator
Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the option page function. This allows...
PT-2024-22943 · WordPress · Pocket News Generator
Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically Consumer Key and Access Token, due to insufficient input...