56 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...
CVE-2023-40558
CVE-2023-40558 : CSRF in the WordPress plugin “eMarket Design YouTube Video Gallery by YouTube Showcase” ( 3.3.5, with Patchstack noting fixed in 3.3.6. Other sources corroborate vulnerability details and patch guidance. If not upgrading, consider monitoring and applying vendor patch in a timely ...
CVE-2023-40558 WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin = 3.3.5 versions...
CVE-2021-24730
The Logo Showcase with Slick Slider WordPress plugin before 1.2.5 does not have CSRF and authorisation checks in the lswsssaveattachmentdata AJAX action, allowing any authenticated users, such as Subscriber, to change title, description, alt text, and URL of arbitrary uploaded media...
WordPress a-staff – Team member showcase plugin for WordPress plugin <= 1.2.2 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Toggle The Debug Mode via Cross-Site Request Forgery CSRF vulnerability discovered in WordPress a-staff – Team member showcase plugin for WordPress plugin versions = 1.2.2. Solution No patched version available...
WordPress 访问控制错误漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports personal blog sites on servers running PHP and MySQL. An Access Control Error vulnerability exists in WordPress Plugins, which stems from The Logo Slider and...
CVE-2020-35939
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...
CVE-2020-35937
Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35939
PHP Object injection vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to inject arbitrary PHP objects due to insecure unserialization of data supplied in a remotely hosted crafted payload in the source parameter via AJAX. The action mus...
CVE-2020-35939
CVE-2020-35939 affects the Team Showcase plugin for WordPress (and related Post Grid/Team Showcase context) with PHP Object Injection via insecure unserialization in the source parameter over AJAX when action=team_import_xml_layouts. It requires authentication (remote authenticated attacker) and ...
CVE-2020-35937
Stored Cross-Site Scripting XSS vulnerabilities in the Team Showcase plugin before 1.22.16 for WordPress allow remote authenticated attackers to import layouts including JavaScript supplied via a remotely hosted crafted payload in the source parameter via AJAX. The action must be set to...
CVE-2020-35937
CVE-2020-35937 affects the WordPress Post Grid/Team Showcase plugin: stored XSS in Team Showcase before 1.22.16 via AJAX import of layouts (team_import_xml_layouts) where the source parameter can carry crafted JavaScript. Requires authenticated access; impact is partial confidentiality/integrity/...
WordPress Team Showcase plugin cross-site scripting vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in the Team Showcase plugin before 1.22.16 for WordPress...
WordPress Team Showcase plugin <= 1.22.15 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Stored Cross-Site Scripting XSS vulnerability found by Ramuel Gall Wordfence in WordPress Team Showcase plugin versions = 1.22.15. Solution Update the WordPress Team Showcase plugin to the latest available version at least 1.22.16...
WordPress Team Showcase plugin <= 1.22.15 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Ramuel Gall Wordfence in WordPress Team Showcase plugin versions = 1.22.15. Solution Update the WordPress Team Showcase plugin to the latest available version at least 1.22.16...
Apache Struts (S2-048) Remote Command Execution Vulnerability
Apache Struts is an open source framework for creating enterprise Java Web applications. An S2-048 remote code execution vulnerability exists in Apache Struts2 version 2.3.x. The vulnerability exists in the Action Message class of a Showcase plugin for Struts2 and Struts1. The vulnerability exist...