Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

WordPress Plugin WOLF Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin WOLF - WordPress Posts Bul...

CVE-2023-46152 WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

CVE-2023-46152

CVE-2023-46152 concerns the WOLF plugin (WordPress Posts Bulk Editor and Manager Professional) for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) in realmag777 WOLF versions

PT-2023-29891 · Novo Media · Novo-Map

Name of the Vulnerable Software and Affected Versions: Novo-media Novo-Map : your WP posts on custom google maps plugin versions 1.1.2 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user in...

PT-2023-29880 · WordPress · Realmag777 Wolf – Wordpress Posts Bulk Editor/Manager Professional

Name of the Vulnerable Software and Affected Versions: realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin versions 1.0.7.1 and earlier Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to...

CVE-2023-4386

The Essential Blocks plugin for WordPress is vulnerable to PHP Object Injection in versions up to, and including, 4.2.0 via deserialization of untrusted input in the getposts function. This allows unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. ...

WordPress Popular Posts < 6.3.3 - Contributor+ Stored XSS

Description The plugin does not validate and escape some parameters, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks...

WordPress Popular Posts Plugin < 6.3.3 XSS Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpresspopularpostsproject:wordpresspopularposts"; if...

CVE-2023-45607

The CVE-2023-45607 entry concerns the WordPress Popular Posts plugin for WordPress, stating an authenticated (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in versions up to 6.3.2. Connected sources confirm the affected component is the WordPress Popular Posts plugin and identify ...

CVE-2023-45607 WordPress WordPress Popular Posts Plugin <= 6.3.2 is vulnerable to Cross Site Scripting (XSS)

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in Hector Cabrera WordPress Popular Posts plugin = 6.3.2 versions...

WordPress 5.0.x < 5.0.20 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

WordPress Plugin WordPress Popular Posts Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting vulnerability...

WordPress 4.5.x < 4.5.30 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

WordPress 4.6.x < 4.6.27 Multiple Vulnerabilities

According to its self-reported version number, the detected WordPress application is affected by multiple vulnerabilities : - A potential disclosure of user email addresses. - An RCE POP Chains vulnerability. - A Cross-Site Scripting XSS vulnerability in the post link navigation block. - An issue...

CVE-2023-44990

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

CVE-2023-44990 WordPress WOLF Plugin <= 1.0.7.1 is vulnerable to Cross Site Scripting (XSS)

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin = 1.0.7.1 versions...

Mattermost Security Vulnerabilities

Mattermost is an open source collaboration platform from US-based Mattermost. Mattermost Mobile suffers from a security vulnerability that stems from a failure to limit the maximum number of Markdown elements in a post, allowing an attacker to send a post containing hundreds of emojis to a...

DEBIAN-CVE-2023-5561

WordPress does not properly restrict which user fields are searchable via the REST API, allowing unauthenticated attackers to discern the email addresses of users who have published public posts on an affected website via an Oracle style attack...

CVE-2023-4687

The Page Builder: Pagelayer WordPress plugin before 1.7.7 doesn't prevent unauthenticated attackers from updating a post's header or footer code on scheduled posts...