Pie Register < 3.8.1.3 - Unauthenticated Arbitrary User Deletion
The plugin does not have authorisation and CSRF checks when deleting users via an init action handler, allowing unauthenticated attackers to delete arbitrary users along with their posts. Because the init hook fires on every WordPress page load, including requests to admin-ajax.php, the handler runs for unauthenticated requests. PoC: invoke the following curl command to delete the user with user ID 2: curl https://example.com/wp-admin/admin-ajax.php...
CVE-2022-37720
Orchardproject Orchard CMS 1.10.3 is vulnerable to Cross Site Scripting (XSS). A low-privileged user such as an author or publisher can inject a crafted HTML and JavaScript payload into a blog post, leading to full admin account takeover or privilege escalation when the malicious blog post is load...
PyroCMS cross-site scripting vulnerability
PyroCMS is a lightweight open source content management system from an individual developer, built on the CodeIgniter framework. A security vulnerability exists in PyroCMS version 3.9, which stems from the ability of a low-privileged user such as an author or publisher to inject a carefully...
WordPress Ask Me plugin cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site request forger...
CVE-2022-3750
CVE-2022-3750 refers to a CSRF vulnerability in WordPress Ask Me (and related plugins) in which posts can be deleted without a nonce or confirmation step in versions prior to 6.8.7. Root cause: CSRF in the post-deletion flow. Impact: unauthorized post deletion, with user interaction required for exploitation in s...
WordPress plugin Ask Me cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site request forger...
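The Pie Register and Ask Me entries above describe the same defect class: a request handler that performs a destructive action (deleting a user, deleting a post) without verifying a nonce or the caller's capability. The following is an added illustration, not code from either plugin or from this page's sources. It is a hypothetical WordPress mu-plugin showing the vulnerable shape (a handler on `init` that trusts a request parameter) beside the hardened shape; the hook, parameter and nonce names (`demo_delete_user`, `demo_nonce`, `demo_delete_user_nonce`) are assumptions, while `check_ajax_referer`, `current_user_can`, `absint`, `get_userdata`, `wp_delete_user` and `wp_send_json_error` are WordPress core functions.

```php
<?php
/**
 * Plugin Name: Demo: user deletion handler, vulnerable vs hardened
 * Added illustration only; hook, parameter and nonce names are hypothetical.
 * Drop into wp-content/mu-plugins/ on a disposable test site.
 */

// --- Vulnerable shape -------------------------------------------------------
// `init` fires for front-end, wp-admin and admin-ajax.php requests alike, so this
// runs on every page load. No nonce, no capability check, no login check:
// anyone who can reach the site can delete any user by ID.
function demo_vuln_delete_user() {
    if ( isset( $_REQUEST['demo_delete_user'] ) ) {
        require_once ABSPATH . 'wp-admin/includes/user.php';
        wp_delete_user( (int) $_REQUEST['demo_delete_user'] );
    }
}
// add_action( 'init', 'demo_vuln_delete_user' ); // left disabled on purpose

// --- Hardened shape ---------------------------------------------------------
// 1. Only handle an explicit admin-ajax action for logged-in users, not every request.
// 2. CSRF: the request must carry a nonce tied to this action and this user.
// 3. Authorisation: the caller must hold the capability for the operation.
// 4. Target sanity: refuse self-deletion and non-existent users.
// Order matters: every check runs before any state changes.
function demo_safe_delete_user() {
    // Dies with HTTP 403 when the nonce is missing, stale or for another user.
    check_ajax_referer( 'demo_delete_user_nonce', 'demo_nonce' );

    if ( ! current_user_can( 'delete_users' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }

    $user_id = isset( $_POST['demo_delete_user'] ) ? absint( $_POST['demo_delete_user'] ) : 0;
    if ( 0 === $user_id || get_current_user_id() === $user_id || ! get_userdata( $user_id ) ) {
        wp_send_json_error( 'invalid target', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/user.php';
    wp_delete_user( $user_id );
    wp_send_json_success( array( 'deleted' => $user_id ) );
}
// `wp_ajax_` only (no `wp_ajax_nopriv_`): WordPress routes logged-in callers here,
// and the nonce and capability checks above decide the rest.
add_action( 'wp_ajax_demo_delete_user', 'demo_safe_delete_user' );

// The legitimate admin page embeds this value as the `demo_nonce` POST field.
function demo_delete_user_nonce() {
    return wp_create_nonce( 'demo_delete_user_nonce' );
}
```

With the hardened handler, a bare request to admin-ajax.php that only names a user ID (the shape of the curl PoC above) stops at the nonce check before any deletion code runs, and a low-privileged account that does hold a valid nonce is stopped by the `delete_users` capability check. The two checks cover different attackers: the nonce defends a privileged user against a forged cross-site request, the capability check defends against an under-privileged caller sending the request directly.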
WordPress Post By Email Enabled
WordPress has a core feature, and plugins, that allow content managers to publish posts on their blogs by sending their articles to a configured email address. The scanner detected that the target WordPress instance has either the core feature or a specific plugin configured. No source data...
WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
Overview: WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables (CWE-454). Tsubasa Iinuma of Origami Systems reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security...
WordPress Popular Posts < 6.1.0 - Unauthenticated Views Manipulation
The plugin does not validate some user inputs via a REST endpoint, which could allow unauthenticated users to update the number of views of articles...
JVN#13927745: WordPress Plugin "WordPress Popular Posts" accepts untrusted external inputs to update certain internal variables
WordPress Plugin "WordPress Popular Posts" provided by Hector Cabrera accepts untrusted external inputs to update certain internal variables (CWE-454). Impact: The number of views for an article may be manipulated through a crafted input. Solution: Update the plugin. Update the plugin according to the...
WordPress plugin Popular Posts security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability exists in the...
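The WordPress Popular Posts entries above describe a REST endpoint that updates an article's view count from unvalidated input, so an unauthenticated caller can set whatever number it likes. The following is an added example, not the plugin's code or anything from this page's sources. It registers a hypothetical `demo/v1/views` route in the vulnerable shape (client chooses the post and the number) beside a hardened one in which the route's `args` schema rejects anything but a published post ID, the server derives the count itself, and a transient-based cooldown slows inflation by one client. Route, meta key and function names are assumptions; `register_rest_route`, `get_post`, `get_transient`, `set_transient`, `update_post_meta` and `WP_REST_Response` are WordPress core.

```php
<?php
/**
 * Plugin Name: Demo: REST view counter, vulnerable vs hardened
 * Added illustration only; route, meta key and callback names are hypothetical.
 */

// --- Vulnerable shape -------------------------------------------------------
// The client is trusted for *which* post and *how many* views it received.
function demo_vuln_register_views_route() {
    register_rest_route( 'demo/v1', '/views', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',
        'callback'            => function ( WP_REST_Request $req ) {
            $post_id = $req['post_id']; // unvalidated
            $views   = $req['views'];   // client-chosen number
            update_post_meta( $post_id, 'demo_views', $views );
            return array( 'views' => $views );
        },
    ) );
}
// add_action( 'rest_api_init', 'demo_vuln_register_views_route' ); // disabled

// --- Hardened shape ---------------------------------------------------------
// A public view counter may legitimately be anonymous, so the fix is not
// "require login" but "never let the client pick the value":
//  - the `args` schema accepts only an integer that names a published post;
//  - the server increments by one per request and ignores any client number;
//  - a per-client cooldown (transient) limits how fast one client can inflate it.
function demo_safe_register_views_route() {
    register_rest_route( 'demo/v1', '/views/(?P<post_id>\d+)', array(
        'methods'             => 'POST',
        'permission_callback' => '__return_true',
        'args'                => array(
            'post_id' => array(
                'required'          => true,
                'type'              => 'integer',
                'sanitize_callback' => 'absint',
                'validate_callback' => function ( $value ) {
                    $post = get_post( (int) $value );
                    return $post instanceof WP_Post && 'publish' === $post->post_status;
                },
            ),
        ),
        'callback'            => 'demo_safe_count_view',
    ) );
}
add_action( 'rest_api_init', 'demo_safe_register_views_route' );

function demo_safe_count_view( WP_REST_Request $req ) {
    $post_id = (int) $req['post_id'];

    // Cooldown: one counted view per client address per post per minute.
    // REMOTE_ADDR is only meaningful if the web server sets it from the real
    // client (behind a reverse proxy, configure trusted-proxy handling first).
    $client = (string) ( $_SERVER['REMOTE_ADDR'] ?? '' );
    $key    = 'demo_views_' . $post_id . '_' . md5( $client );
    if ( get_transient( $key ) ) {
        return new WP_REST_Response( array( 'counted' => false ), 429 );
    }
    set_transient( $key, 1, MINUTE_IN_SECONDS );

    // Server-derived value: the request body is never consulted for the count.
    $views = (int) get_post_meta( $post_id, 'demo_views', true ) + 1;
    update_post_meta( $post_id, 'demo_views', $views );
    return array( 'counted' => true, 'views' => $views );
}
```

Two practical notes. A request that fails `validate_callback` never reaches the callback; the REST server answers 400 with `rest_invalid_param`, so the callback can rely on `post_id` being a published post. The read-increment-write on post meta is not atomic; on a busy site replace it with a single `UPDATE ... SET meta_value = meta_value + 1` through `$wpdb`, which keeps the same security property (the client still never supplies the value).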
CVE-2022-40205
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved...
PT-2022-25282 · WordPress · Wpforo Forum
Name of the Vulnerable Software and Affected Versions: wpForo Forum plugin versions <= 2.0.5. Description: The issue is an insecure direct object references (IDOR) vulnerability. It allows attackers with subscriber or higher user roles to mark any forum post as solved or...
WordPress plugin wpForo Forum security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports setting up personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A security vulnerability...
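The wpForo entries above describe an authenticated IDOR: a logged-in Subscriber can mark any forum post solved because the handler verifies who the caller is but never checks the caller's relationship to the object the request names. The following is an added example, not wpForo's code or anything from this page's sources. It is a hypothetical AJAX handler over a custom post type `demo_topic` with a `demo_solved` meta key; both versions already do the nonce and login checks, and only the object-level decision differs. Post type, meta key, nonce name and the `demo_moderate_topics` capability are assumptions; `check_ajax_referer`, `get_post`, `user_can`, `register_post_type` and `update_post_meta` are WordPress core.

```php
<?php
/**
 * Plugin Name: Demo: mark-as-solved IDOR, vulnerable vs hardened
 * Added illustration only; post type, meta key, nonce and capability names are hypothetical.
 */

// --- Vulnerable shape -------------------------------------------------------
// CSRF and login are handled (wp_ajax_ + nonce), yet any Subscriber can flip
// `demo_solved` on any topic: the topic ID is trusted to belong to the caller.
function demo_vuln_mark_solved() {
    check_ajax_referer( 'demo_solved_nonce', 'nonce' );
    $topic_id = absint( $_POST['topic_id'] ?? 0 );
    $solved   = ! empty( $_POST['solved'] ) ? '1' : '0';
    update_post_meta( $topic_id, 'demo_solved', $solved );
    wp_send_json_success( array( 'topic' => $topic_id, 'solved' => $solved ) );
}
// add_action( 'wp_ajax_demo_mark_solved', 'demo_vuln_mark_solved' ); // disabled

// --- Hardened shape ---------------------------------------------------------
// Decide per object: the caller must be the topic's author or a moderator.
// The rule lives in one function so every entry point (AJAX, REST, shortcode)
// applies the same test, and it fails closed on anything unexpected.
function demo_user_can_resolve_topic( int $user_id, int $topic_id ): bool {
    $topic = get_post( $topic_id );
    if ( ! $topic instanceof WP_Post || 'demo_topic' !== $topic->post_type ) {
        return false; // non-existent, or an object of the wrong type
    }
    if ( (int) $topic->post_author === $user_id ) {
        return true;  // the topic starter may mark their own question solved
    }
    // Hypothetical capability granted to moderators on activation below.
    return user_can( $user_id, 'demo_moderate_topics' );
}

function demo_safe_mark_solved() {
    check_ajax_referer( 'demo_solved_nonce', 'nonce' );

    $topic_id = absint( $_POST['topic_id'] ?? 0 );
    $solved   = ! empty( $_POST['solved'] ) ? '1' : '0';

    if ( ! demo_user_can_resolve_topic( get_current_user_id(), $topic_id ) ) {
        // One response for "not yours" and "does not exist", so the endpoint
        // does not double as an oracle for enumerating topic IDs.
        wp_send_json_error( 'not allowed', 403 );
    }

    update_post_meta( $topic_id, 'demo_solved', $solved );
    wp_send_json_success( array( 'topic' => $topic_id, 'solved' => $solved ) );
}
add_action( 'wp_ajax_demo_mark_solved', 'demo_safe_mark_solved' );

// Supporting setup for the hypothetical topic type and moderator capability.
function demo_register_topic_type() {
    register_post_type( 'demo_topic', array( 'public' => true, 'label' => 'Topics' ) );
}
add_action( 'init', 'demo_register_topic_type' );

register_activation_hook( __FILE__, function () {
    $role = get_role( 'editor' );
    if ( $role ) {
        $role->add_cap( 'demo_moderate_topics' );
    }
} );
```

The test that separates the two versions is the one the advisory implies: log in as a Subscriber, obtain a valid nonce from a page you may view, and POST a `topic_id` belonging to another user. The vulnerable handler updates it; the hardened one returns 403 without touching the meta.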
WordPress plugin Easy Digital Downloads cross-site request forgery vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site request forgery vulnerability exists in the...
CVE-2022-41358
creationtimestamp | type | source
---|---|---
2022-10-20 07:20:47+00:00 | seen | https://t.me/cibsecurity/51861
2025-04-16 09:30:48+00:00 | seen | https://bsky.app/profile/nimblenerd.social/post/3lmwbsfcyw52s
2025-04-17 21:02:29+00:00 | seen | ...
CVE-2022-3506
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3...
CVE-2022-3506 Cross-site Scripting (XSS) - Stored in barrykooij/related-posts-for-wp
Cross-site Scripting (XSS) - Stored in GitHub repository barrykooij/related-posts-for-wp prior to 2.1.3...
PT-2022-22540 · WordPress · Related-Posts-For-Wp
Name of the Vulnerable Software and Affected Versions: related-posts-for-wp versions prior to 2.1.3. Description: The issue is a stored Cross-site Scripting (XSS) vulnerability affecting the GitHub repository barrykooij/related-posts-for-wp. Recommendations: For versions prior to 2.1.3, update to...