170 matches found

BDU FSTEC
added 2023/09/26 12:0 a.m. · 4 views

The vulnerability of the sql_save function in the Cacti network monitoring software exists due to insufficient validation of input data, allowing attackers to carry out attacks based on SQL injections.

The vulnerability of the sql_save function in the Cacti network monitoring software exists due to insufficient validation of input data. Exploiting this vulnerability could allow a malicious actor to carry out attacks based on SQL injections...

CVSS 9 · AI score 7.7 · EPSS 0.01541
Exploits: 1 · References: 3 · Affected Software: 1

OSV
added 2023/09/05 10:15 p.m. · 2 views

UBUNTU-CVE-2023-39357

Cacti is an open source operational monitoring and fault management framework. A defect in the sql_save function was discovered. When the column type is numeric, the sql_save function directly utilizes user input. Many files and functions calling the sql_save function do not perform prior validation...

CVSS 8.8 · AI score 6 · EPSS 0.01541
Exploits: 1 · References: 3

OSV
added 2023/08/31 6:15 a.m. · 5 views

CVE-2023-3764

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

CVSS 4.3 · AI score 7.2 · EPSS 0.00245
Exploits: 0 · References: 3

Prion
added 2023/08/31 6:15 a.m. · 14 views

Cross-site request forgery (CSRF)

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

CVSS 4.3 · AI score 4.5 · EPSS 0.00245
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2023/08/31 12:0 a.m. · 4 views

WordPress plugin WooCommerce PDF Invoice Builder cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF...

CVSS 4.3 · AI score 6.2 · EPSS 0.00245
Exploits: 0 · References: 4

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

CVSS 4.3 · AI score 5.6 · EPSS 0.00345
Exploits: 0 · References: 9

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4412

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...

CVSS 4.3 · AI score 5.6 · EPSS 0.00342
Exploits: 0 · References: 9

CNNVD
added 2023/07/12 12:0 a.m. · 3 views

WordPress Plugin WP Prayer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...

CVSS 4.3 · AI score 5 · EPSS 0.00342
Exploits: 0 · References: 10

Positive Technologies
added 2023/07/12 12:0 a.m. · 3 views

PT-2023-12525 · WordPress · Process Steps Template Designer

Name of the Vulnerable Software and Affected Versions: Process Steps Template Designer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows...

CVSS 4.3 · AI score 4.4 · EPSS 0.00345
Exploits: 0 · References: 11

CNNVD
added 2023/07/12 12:0 a.m. · 3 views

WordPress Plugin Process Steps Template Designer cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...

CVSS 4.3 · AI score 5 · EPSS 0.00345
Exploits: 0 · References: 10

OSV
added 2023/07/01 4:15 a.m. · 1 view

CVE-2021-4386

The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...

CVSS 4.3 · AI score 5.6
Exploits: 0 · References: 9

CNNVD
added 2023/07/01 12:0 a.m. · 2 views

WordPress Plugin eCommerce Product Catalog cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.3 · AI score 5 · EPSS 0.00399
Exploits: 1 · References: 10

Positive Technologies
added 2023/07/01 12:0 a.m. · 4 views

PT-2023-12498 · WordPress · Wp Security Question

Name of the Vulnerable Software and Affected Versions: WP Security Question plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to modify the plugin'...

CVSS 8.8 · AI score 4.5 · EPSS 0.00388
Exploits: 0 · References: 13

Positive Technologies
added 2023/07/01 12:0 a.m. · 6 views

PT-2023-12505 · WordPress · Ecommerce Product Catalog Plugin

Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions up to, and including, 3.0.17 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to save manual...

CVSS 4.3 · AI score 4.4 · EPSS 0.00399
Exploits: 1 · References: 13

OSV
added 2023/06/14 7:15 a.m. · 2 views

CVE-2023-3236

A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...

CVSS 8.8 · AI score 5.4 · EPSS 0.00701
Exploits: 1 · References: 3

Positive Technologies
added 2023/06/14 12:0 a.m. · 3 views

PT-2023-23747 · Mccms · Mccms

Name of the Vulnerable Software and Affected Versions: mccms versions up to 2.6.5 Description: A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be...

CVSS 8.8 · AI score 6.6 · EPSS 0.00701
Exploits: 1 · References: 6

ATTACKERKB
added 2023/06/09 6:16 a.m. · 7 views

CVE-2023-2083

The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...

CVSS 4.3 · AI score 6.7 · EPSS 0.00567
Exploits: 0 · References: 4

Positive Technologies
added 2023/06/09 12:0 a.m. · 3 views

PT-2023-20168 · WordPress · Wpcs – Wordpress Currency Switcher Professional

Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to edit an arbitrary custom drop-down currency...

CVSS 4.3 · AI score 5.5 · EPSS 0.00409
Exploits: 0 · References: 4

CNNVD
added 2023/06/09 12:0 a.m. · 5 views

WordPress Plugin Essential Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 6.4 · EPSS 0.00513
Exploits: 0 · References: 3

CNNVD
added 2023/06/09 12:0 a.m. · 5 views

WordPress Plugin Essential Blocks security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

CVSS 4.3 · AI score 6.4 · EPSS 0.00567
Exploits: 0 · References: 4