7 matches found
EUVD-2021-34251
Malicious code in bioql PyPI...
CVE-2022-3074
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks...
CVE-2021-4424
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-4424
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
Cross site request forgery (csrf)
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2022-3074
The Slider Hero WordPress plugin before 8.4.4 does not escape the slider Name, which could allow high-privileged users to perform Cross-Site Scripting attacks...