17 matches found
EUVD-2024-29146
Malicious code in bioql PyPI...
CVE-2024-31250
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3...
WordPress WP Server Health Stats plugin 1.7.6 - Injected Backdoor vulnerability
Injected Backdoor vulnerability discovered by WordFence in WordPress Plugin WP Server Health Stats versions 1.7.6...
WordPress WP Server Health Stats Plugin 1.7.6 is vulnerable to Backdoor
Software: WP Server Health Stats; Type: Plugin; Vulnerable versions: 1.7.6; Fixed in: 1.7.7; OWASP Top 10: A3: Injection; Classification: Backdoor; CVE: CVE-2024-6297; Patch priority: High; CVSS severity: High (10); PSID: 45a546f4e251; Credits: WordFence; Required privilege: Unauthenticated...
CVE-2024-31250
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3...
CVE-2024-31250 WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Saumya Majumder WP Server Health Stats. This issue affects WP Server Health Stats: from n/a through 1.7.3...
CVE-2024-31250
CVE-2024-31250 is a Cross-Site Request Forgery (CSRF) in the WordPress plugin WP Server Health Stats (Saumya Majumder). Affected versions are 1.7.3 and earlier (from n/a through 1.7.3). The CVE record provides CVSS v3.1 data: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N with a base score of 4.3 (Medium). ...
PT-2024-23893 · WordPress · Wp Server Health Stats
Name of the Vulnerable Software and Affected Versions: WP Server Health Stats versions 1.7.3 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application...
WordPress Plugin WP Server Health Stats Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery...
WordPress WP Server Health Stats plugin <= 1.7.3 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Dhabaleshwar Das in WordPress Plugin WP Server Health Stats versions <= 1.7.3...
WordPress WP Server Health Stats Plugin <= 1.7.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Server Health Stats; Type: Plugin; Vulnerable versions: <= 1.7.3; Fixed in: 1.7.4; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-31250; Patch priority: Low; CVSS severity: Low (4.3); PSID: 7e40a67d6b47; Credits: Dhabaleshwar...
CVE-2022-2887
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2887
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
CVE-2022-2887
The WP Server Health Stats WordPress plugin before 1.7.0 does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed...
WordPress WP Server Health Stats plugin <= 1.6.10 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting (XSS) vulnerability discovered by Mika in WordPress WP Server Health Stats plugin versions <= 1.6.10. Solution: Update the WordPress WP Server Health Stats plugin to the latest available version (at least 1.7.0)...
WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the realti...
WP Server Health Stats < 1.7.0 - Admin+ Stored Cross-Site Scripting
The plugin does not escape some of its settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. PoC: As admin, put the following payload in the "Provide your IP-API Pro key", "Memcached Server Host", "Set the...