9 matches found
EUVD-2022-25224
Malicious code in bioql PyPI...
CVE-2022-1956
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them...
CVE-2022-1956
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them...
Cross-site request forgery (CSRF)
The Shortcut Macros WordPress plugin through 1.3 does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them...
CVE-2022-1956
CVE-2022-1956 affects the Shortcut Macros WordPress plugin (versions up to 1.3). The root cause is missing authorization and CSRF checks when updating plugin settings, enabling any authenticated user (e.g., a subscriber) to update settings. The public documents describe a CSRF attack workflow and...
WordPress plugin Shortcut Macros cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Shortcut Macros plugin 1.3 and earlier versions are vulnerable to cross-site request forgery, which...
PT-2022-14216 · WordPress · Shortcut Macros
Name of the Vulnerable Software and Affected Versions: The Shortcut Macros WordPress plugin versions 1.3 and earlier Description: The issue is related to the lack of authorization and CSRF checks when updating settings in the plugin. This could allow any authenticated users, such as subscribers, ...
Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. PoC Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...
Shortcut Macros <= 1.3 - Subscriber+ Arbitrary Settings Update
The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow any authenticated users, such as subscriber, to update them. Open the following HTML code while being logged in as a subscriber, or make any logged in user open it via a CSRF attack...