68 matches found
Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes
CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions. One example:...
Pricing Table by Supsystic < 1.8.1 - Cross-Site Request Forgery to XSS and Setting Changes
CSRF can be exploited against any of the functionalities in the Pricing Table by Supsystic WordPress plugin in vulnerable versions. PoC: One example:...
WordPress Minimal Coming Soon & Maintenance Mode plugin <= 2.10 - CSRF to Stored XSS and Setting Changes vulnerability
CSRF to Stored XSS and Setting Changes vulnerability found by Chloe Chamberland in WordPress Minimal Coming Soon & Maintenance Mode plugin versions <= 2.10. Solution: Update the WordPress Minimal Coming Soon & Maintenance Mode plugin to the latest available version (at least 2.15)...
Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes
This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged-in administrative user. This allowed CSRF to stored XSS in addition to significant setting changes...
Minimal Coming Soon & Maintenance Mode < 2.15 - CSRF to Stored XSS and Setting Changes
This plugin had no nonce checks on any of the settings to verify that a request came from a legitimate source, such as a logged-in administrative user. This allowed CSRF to stored XSS in addition to significant setting changes. PoC...
CVE-2019-16731
The udpServerSys service in Petwant PF-103 firmware 4.22.2.42 and Petalk AI 3.2.2.30 allows remote attackers to initiate firmware upgrades and alter device settings...
Denial Of Service (DoS)
Eclipse Jetty is vulnerable to denial of service attacks. A remote, unauthenticated attacker could exploit the flawed SETTING Frame Handler component due to the additional CPU and memory allocations required to handle setting changes causing denial of service conditions...
phpmyfaq -- multiple vulnerabilities
The phpMyFAQ team reports: An arbitrary script may be executed on the user's Internet Explorer when using an older version of the browser. If a user views a malicious page while logged in, settings may be changed unintentionally...