27 matches found
Cross site request forgery (csrf)
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
CVE-2018-5368
The SrbTransLatin plugin 1.46 for WordPress has CSRF via an srbtranslatoptions action to wp-admin/options-general.php...
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a langidentificator parameter...
CVE-2018-5369
The SrbTransLatin plugin 1.46 for WordPress is affected by CVE-2018-5369: a Cross-Site Scripting (XSS) vulnerability via the srbtranslatoptions action to wp-admin/options-general.php with the lang_identificator parameter. This, as documented, can allow injection of arbitrary web script or HTML. S...
CVE-2018-5368
The CVE-2018-5368 entry concerns the SrbTransLatin plugin 1.46 for WordPress, where a CSRF vulnerability exists via an srbtranslatoptions action to wp-admin/options-general.php. The primary sources (NVD, CVE list, and WPVulnDB) confirm the affected component and the attack vector. The CVSS metric...
WordPress Srbtranslatin <= 1.4.6 - Stored Cross-site scripting (XSS) & Cross-site request forgery (CSRF) vulnerabilities
Stored Cross-site scripting XSS and Cross-site request forgery CSRF vulnerabilities were found in WordPress Srbtranslatin in 1.4.6 version. Solution Update the plugin...
SrbTransLatin <= 1.46 - Stored XSS & CSRF
The SrbTransLatin – Serbian Latinisation WordPress plugin was affected by a Stored XSS & CSRF security vulnerability...