12 matches found
WordPress Snippet Shortcodes plugin <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion vulnerability
Authenticated Subscriber+ Shortcode Deletion vulnerability discovered by theviper17y in WordPress Plugin Snippet Shortcodes versions = 4.1.6...
CVE-2024-4543
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...
CVE-2024-12018
CVE-2024-12018 affects the WordPress plugin Snippet Shortcodes (Snippet Shortcodes). The issue is an unauthorized Shortcode Deletion vulnerability due to leaked nonce authentication in all versions up to 4.1.6, enabling authenticated attackers with Subscriber+ privileges to delete Shortcodes. Con...
CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...
CVE-2024-12018 Snippet Shortcodes <= 4.1.6 - Authenticated (Subscriber+) Shortcode Deletion
The Snippet Shortcodes plugin for WordPress is vulnerable to unauthorized Shortcode Deletion due to missing authorization in all versions up to, and including, 4.1.6. Note that a nonce is used as authentication here, but the value is leaked. This makes it possible for authenticated attackers, wit...
WordPress plugin Snippet Shortcodes 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security vulnerability...
CVE-2024-4543
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...
CVE-2024-4543 Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...
CVE-2024-4543 Snippet Shortcodes <= 4.1.4 - Cross-Site Request Forgery
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...
WordPress Snippet Shortcodes plugin <= 4.1.4 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin Snippet Shortcodes versions = 4.1.4...
WordPress Snippet Shortcodes Plugin <= 4.1.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Snippet Shortcodes Type Plugin Vulnerable versions = 4.1.4 Fixed in 4.1.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4543 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4af570583b48 Credits Benedictus Jovan...
WordPress plugin Snippet Shortcodes Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...