87 matches found
WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by Nabil Irawan in WordPress Plugin Subresource Integrity SRI Manager versions = 0.4.0...
CVE-2025-57936
CVE-2025-57936 — Affected: Subresource Integrity (SRI) Manager. The connected documents indicate a Missing Authorization vulnerability impacting SRI Manager versions from n/a up to and including 0.4.0. CVSS v3.1 base score 4.3 (Medium) with network attack vector, low privileges required, no user ...
CVE-2025-57936 WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Meitar Subresource Integrity SRI Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subresource Integrity SRI Manager: from n/a through 0.4.0...
CVE-2025-57936 WordPress Subresource Integrity (SRI) Manager Plugin <= 0.4.0 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Meitar Subresource Integrity SRI Manager wp-sri allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Subresource Integrity SRI Manager: from n/a through = 0.4.0...
WordPress plugin Subresource Integrity (SRI) Manager 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based servers....
PT-2025-38786
Name of the Vulnerable Software and Affected Versions Meitar Subresource Integrity SRI Manager versions through 0.4.0 Description An authorization issue exists in Meitar Subresource Integrity SRI Manager, allowing exploitation due to incorrectly configured access control security levels...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2020-15262
In webpack-subresource-integrity before version 1.5.1, all dynamically loaded chunks receive an invalid integrity hash that is ignored by the browser, and therefore the browser cannot validate their integrity. This removes the additional level of protection offered by SRI for such chunks. Top-lev...
OESA-2025-1268 firefox security update
Mozilla Firefox is a standalone web browser, designed for standards compliance and performance. Its functionality can be enhanced via a plethora of extensions. Security Fixes: When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of...
CVE-2024-30250
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...
CVE-2024-29896
Astro-Shield is a library to compute the subresource integrity hashes for your JS scripts and CSS stylesheets. When automated CSP headers generation for SSR content is enabled and the web application serves content that can be partially controlled by external users, then it is possible that the C...
CVE-2024-30250
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...
CVE-2024-30250 In Astro-Shield, setting a correct `integrity` attribute to injected code allows to bypass the allow-lists
Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. Versions from 1.2.0 to 1.3.1 of Astro-Shield allow bypass to the allow-lists for cross-origin resources by introducing valid integrity attributes to...
PT-2024-23298 · Unknown · Astro-Shield
Name of the Vulnerable Software and Affected Versions: Astro-Shield versions 1.2.0 through 1.3.1 Description: Astro-Shield is an integration to enhance website security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques. The issue allows bypass to the...
CVE-2024-29896
CVE-2024-29896 affects the Astro-Shield library. The vulnerability stems from automated CSP header generation for SSR content, where the CSP header may inadvertently allowlisting malicious injected resources (e.g., inlined or external scripts) when content can be partially controlled by external ...
SUSE CVE-2016-1636
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity...
SUSE CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...
CVE-2022-36315
When loading a script with Subresource Integrity, attackers with an injection capability could trigger the reuse of previously cached entries with incorrect, different integrity metadata. This vulnerability affects Firefox 103...