CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

CVE-2024-6321 ScrollTo Bottom <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

WordPress ScrollTo Bottom plugin <= 1.1.1 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin ScrollTo Bottom versions = 1.1.1...

WordPress ScrollTo Top plugin <= 1.2.2 - Cross-Site Request Forgery to Arbitrary File Upload vulnerability

Cross-Site Request Forgery to Arbitrary File Upload vulnerability discovered by István Márton in WordPress Plugin ScrollTo Top versions = 1.2.2...

PT-2024-37541 · WordPress · Cg Scroll To Top

Name of the Vulnerable Software and Affected Versions: ScrollTo Top plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing nonce validation and missing file type validation in the options page function, making it possible for unauthenticated attackers t...

WordPress ScrollTo Top Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Software ScrollTo Top Type Plugin Vulnerable versions = 1.2.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6320 Patch priority Medium CVSS severity Medium 9.6 Developer Claim ownership PSID 2d9ac3963025 Credits István Márton...

WordPress plugin ScrollTo Bottom security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exist...

PT-2024-37542 · WordPress · Scrollto Bottom

Name of the Vulnerable Software and Affected Versions: ScrollTo Bottom plugin for WordPress versions up to, and including, 1.1.1 Description: The issue is due to missing nonce validation and missing file type validation in the options page function, making it possible for unauthenticated attacker...

WordPress ScrollTo Bottom Plugin <= 1.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software ScrollTo Bottom Type Plugin Vulnerable versions = 1.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-6321 Patch priority Low CVSS severity Low 9.6 Developer Claim ownership PSID 5847554edd86 Credits István Márton Required...

SUSE CVE-2016-1943

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method...

Mozilla Firefox Spoofing Vulnerability (CNVD-2016-00849)

Mozilla Firefox on Android is an open source web browser for the Android platform. Mozilla Firefox has a security vulnerability that allows remote attackers to spoof the address bar using the scrollTo method...

CVE-2016-1943

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method...

Design/Logic Flaw

Mozilla Firefox before 44.0 on Android allows remote attackers to spoof the address bar via the scrollTo method...

CVE-2016-1943

Consolidated details show CVE-2016-1943 affects Mozilla Firefox on Android, where the address bar can be spoofed via the scrollTo method. OpenSUSE release notes (openSUSE-2016-128/0306-1/0309) document Firefox 44.0 and NSS/NSPR updates as fixes, explicitly listing CVE-2016-1943 as part of address...