EUVD-2012-1515

Malware in sbrugna...

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

CVE-2021-20779

Cross-site request forgery CSRF vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

WordPress Plugin Email Template Designer - WP HTML Mail Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress Plugin Email Template...

CVE-2021-4413

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

CVE-2021-4413 Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...

WordPress Plugin Process Steps Template Designer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers.WordPress plugin is an...

PT-2023-12525 · WordPress · Process Steps Template Designer

Name of the Vulnerable Software and Affected Versions: Process Steps Template Designer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows...

CVE-2021-4349 Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This makes it possible for unauthenticated attackers to conduct unspecified attacks via forged request granted they can trick a site administrator into...

WordPress Plugin Process Steps Template Designer 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2023-12458 · WordPress · Process Steps Template Designer

Name of the Vulnerable Software and Affected Versions: Process Steps Template Designer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows unauthenticated attackers to conduct unspecified attacks via forged requests, provided they can trick a site administrator...

Wordpress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in the Wordpress plugin "WordPress Email Template Designer - WP HTML Mail". The vulnerability is due to lack of authentication on REST-API endpoints created by the plugin...

WordPress Email Template Designer Plugin Authentication Bypass (CVE-2022-0218)

An authentication bypass vulnerability exists in WordPress Email Template Designer. Successful exploitation of this vulnerability would allow remote attackers to gain unauthorized access into the affected system...

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting Vulnerability

WordPress Email Template Designer – WP HTML Mail plugin versions 3.0.9 and below suffer from a cross site scripting vulnerability. Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the...

WordPress Email Template Designer – WP HTML Mail 3.0.9 Cross Site Scripting

Exploit makes it possible for unauthenticated attackers to achieve complete site takeover. On December 23, 2021 the Wordfence Threat Intelligence team initiated the responsible disclosure process for a vulnerability we discovered in “WordPress Email Template Designer – WP HTML Mail”, a WordPress...

CVE-2021-20779

Cross-site request forgery CSRF vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

CVE-2021-20779

The CVE-2021-20779 issue affects the WordPress plugin WordPress Email Template Designer - WP HTML Mail, specifically versions prior to 3.0.8. The vulnerability is Cross-site Request Forgery (CSRF) that can allow an attacker to hijack administrator authentication via unspecified vectors. Root caus...

CVE-2021-20779

Cross-site request forgery CSRF vulnerability in WordPress Email Template Designer - WP HTML Mail versions prior to 3.0.8 allows remote attackers to hijack the authentication of administrators via unspecified vectors...

WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" vulnerable to cross-site request forgery

Overview WordPress Plugin "WordPress Email Template Designer - WP HTML Mail" provided by codemiq contains a cross-site request forgery vulnerability CWE-352. Konan Nagashima of Cryptography Laboratory,Department of Information and Communication Engineering,Tokyo Denki University reported this...

Process Steps Template Designer < 1.3 - CSRF to Stored Cross-Site Scripting (XSS)

The plugin did not properly check its CSRF nonce in the FontAwesomeField.save method, which could allow attackers to make logged in users capable of editing posts change the Step Icon of arbitrary Process Steps. Due to the lack of sanitisation of the submitted Step icon value, it could also lead ...