136 matches found
PT-2022-14216 · WordPress · Shortcut Macros
Name of the Vulnerable Software and Affected Versions: The Shortcut Macros WordPress plugin versions 1.3 and earlier. Description: The issue is related to the lack of authorization and CSRF checks when updating settings in the plugin. This could allow any authenticated user, such as subscribers, ...
WordPress plugin Pagebar Phlox cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. Versions of the WordPress Pagebar plugin prior to 2.65 have a cross-site scripting vulnerability that ste...
CVE-2022-1960
The MyCSS WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1627
The My Private Site WordPress plugin before 3.0.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1842
The OpenBook Book Data WordPress plugin through 3.5.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping as well...
CVE-2022-1573
The HTML2WP WordPress plugin through 1.0.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them...
CVE-2022-1832
The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection...
CVE-2022-1828
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin CaPa Protect cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress CaPa Protect plugin is vulnerable to cross-site request forgery, which stems from the failu...
CVE-2022-1781
The postTabs WordPress plugin through 2.10.6 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also leads to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1608
The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin LiveSync cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists i...
CVE-2021-24836
The Temporary Login Without Password WordPress plugin before 1.7.1 does not have authorisation and CSRF checks when updating its settings, which could allow any logged-in user, such as subscribers, to update them...
CVE-2019-15871
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...
Design/Logic Flaw
The LoginPress plugin before 1.1.4 for WordPress has no capability check for updates to settings...