50 matches found
WordPress SecuPress plugin <= 2.2.5.1 - Cross-Site Request Forgery to Banned IP Address vulnerability
Cross-Site Request Forgery to Banned IP Address vulnerability discovered by Lucio Sá in WordPress Plugin SecuPress Free versions = 2.2.5.1...
PT-2024-18097 · WordPress · Secupress Free
Name of the Vulnerable Software and Affected Versions: SecuPress Free — WordPress Security plugin versions up to, and including, 2.2.5.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the secupress blackhole ban ip function. This...
WordPress SecuPress Free Plugin <= 2.2.5.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software SecuPress Free Type Plugin Vulnerable versions = 2.2.5.1 Fixed in 2.2.5.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-1504 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID e3f0f4ee5647 Credits Lucio Sá Required...
WordPress Plugin SecuPress Free — WordPress Security 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress Plugin SecuPress Free - A securit...
SecuPress Free — WordPress Security < 2.2.5.2 - Cross-Site Request Forgery to Banned IP Address
Description The SecuPress Free — WordPress Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.5.1. This is due to missing or incorrect nonce validation on the secupressblackholebanip function. This makes it possible for...
WordPress iThemes Security Pro premium plugin <= 6.8.3 - Hide Backend Bypass vulnerability
Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security Pro premium plugin versions = 6.8.3. Solution Update the WordPress iThemes Security Pro premium plugin to the latest available version at least 6.8.4...
iThemes Security Free (< 7.9.1) & Pro (< 6.8.4) - Hide Backend Bypass
Both the iThemes Security free and pro versions were affected. - Patched in Version iThemes Security: 7.9.1 - Patched in Version iThemes Security Pro: 6.8.4 The bug allowed attackers to bypass the "Hide Backend" feature, that, when enabled, hides the WordPress wp-login.php and wp-admin pages...
WordPress iThemes Security plugin <= 7.9.0 - Hide Backend Bypass vulnerability
Hide Backend Bypass vulnerability discovered by Julio Potier SecuPress in WordPress iThemes Security plugin versions = 7.9.0. Solution Update the WordPress iThemes Security plugin to the latest available version at least 7.9.1...
SecuPress < 2.0 - Unauthenticated Arbitrary IP Ban
The SecuPress WordPress plugin, both free and pro, versions less than 2.0, were affected by a flaw that allowed unauthenticated users to ban any IP on a site that had the plugin installed, making it impossible for them to visit the site. Effectively causing a Denial of Service DoS to the banned I...
WordPress Newspaper premium theme <= 10.3.3 - Authenticated Reflected Cross-Site Scripting (XSS) vulnerability
Authenticated Reflected Cross-Site Scripting XSS vulnerability discovered by Julio Potier Secupress in WordPress Newspaper premium theme versions = 10.3.3. Solution Update the WordPress Newspaper premium theme to the latest available version at least 10.3.4...