EUVD-2024-51013

Malicious code in bioql PyPI...

PT-2024-17683 · WordPress · Wplegalpages

Name of the Vulnerable Software and Affected Versions: WP Legal Pages plugin for WordPress versions up to, and including, 3.2.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the create popup delete process function. This allows...

CVE-2024-3477 Popup Box < 2.2.7 - Popup Deletion via CSRF

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks...

CVE-2022-2405 WP Popup Builder < 1.3.0 - Subscriber+ Arbitrary Popup Deletion

The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF check in an AJAX action, allowing any authenticated users, such as subscribers to delete arbitrary Popup...

PT-2022-16434 · WordPress · Popup Builder

Name of the Vulnerable Software and Affected Versions: WP Popup Builder versions prior to 1.2.9 Description: The issue concerns a lack of authorization and CSRF check in an AJAX action within the WP Popup Builder WordPress plugin. This allows any authenticated users, such as subscribers, to delet...

WordPress plugin WP Popup Builder 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. WordPress WP Popup Builder...