31 matches found
WordPress Essential Content Types plugin <= 1.8.6 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Content Types plugin versions = 1.8.6. Solution Update the WordPress Essential Content Types plugin to the latest available version at least 1.9...
WordPress Catch Import Export plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Import Export plugin versions = 1.8. Solution Update the WordPress Catch Import Export plugin to the latest available version at least 1.9...
WordPress Catch Sticky Menu plugin <= 1.6.3 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Sticky Menu plugin versions = 1.6.3. Solution Update the WordPress Catch Sticky Menu plugin to the latest available version at least 1.7...
WordPress Essential Widgets plugin <= 1.8 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Essential Widgets plugin versions = 1.8. Solution Update the WordPress Essential Widgets plugin to the latest available version at least 1.9...
WordPress To Top plugin <= 2.2.2 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress To Top plugin versions = 2.2.2. Solution Update the WordPress To Top plugin to the latest available version at least 2.3...
WordPress Catch Under Construction plugin <= 1.3.4 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Under Construction plugin versions = 1.3.4. Solution Update the WordPress Catch Under Construction plugin to the latest available version at least 1.4...
WordPress Catch Scroll Progress Bar plugin <= 1.5 - Unauthorized Plugin Setting Change vulnerability
Unauthorized Plugin Setting Change vulnerability discovered by apple502j in WordPress Catch Scroll Progress Bar plugin versions = 1.5. Solution Update the WordPress Catch Scroll Progress Bar plugin to the latest available version at least 1.6...
Compact WP Audio Player < 1.9.7 - Setting Change via CSRF
The plugin does not implement nonce checks, which could allow attackers to make a logged in admin change the "Disable Simultaneous Play" setting via a CSRF attack. PoC...
CVE-2017-1000224
CSRF in YouTube WordPress plugin could allow unauthenticated attacker to change any setting within the plugin...
AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery
Overview AQUOS Photo Player HN-PP150 provided by Sharp Corporation contains a cross-site request forgery vulnerability CWE-352. Junichi MURAKAMI of FFRI, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact ...
Slack: Team admin can change unauthorized team setting (allow_message_deletion)
Team admin can escalate his privileges and change 'allowmessagedeletion' team setting, which can be changed only by a team owner. Steps to reproduce: 1. Log in as team admin. 2. Send the below request using his cookie & token and notice that it changes 'allowmessagedeletion' team setting to true...