9 matches found
CVE-2026-3742
A vulnerability was detected in YiFang CMS 2.0.5. The impacted element is the function update of the file app/db/admin/DsinglePage.php. Performing a manipulation of the argument Title results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and ma...
CVE-2023-5532
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...
CVE-2024-9824 ImagePress - Image Gallery <= 1.2.2 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion and Post Title Update
The ImagePress – Image Gallery plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'ipdeletepost' and 'ipupdateposttitle' functions in all versions up to, and including, 1.2.2. This makes it possible for authenticated attackers...
CVE-2024-6824 Premium Addons for Elementor <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'checktempvalidity' and 'updatetemplatetitle' functions in all versions up to, and including, 4.10.38. This makes it possible for authenticate...
WordPress Premium Addons for Elementor plugin <= 4.10.38 - Missing Authorization to Authenticated (Contributor+) Arbitrary Content Deletion and Arbitrary Title Update vulnerability
Missing Authorization to Authenticated Contributor+ Arbitrary Content Deletion and Arbitrary Title Update vulnerability discovered by stealthcopter in WordPress Plugin Premium Addons for Elementor versions = 4.10.38...
CVE-2024-5858 Infographic Maker iList <= 4.7.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Title Update
The AI Infographic Maker plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the qcldopenaititlegeneratedesc AJAX action in all versions up to, and including, 4.7.4. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Infographic Maker iList plugin <= 4.7.4 - Authenticated Arbitrary Title Update vulnerability
Authenticated Arbitrary Title Update vulnerability discovered by Lucio Sá in WordPress Plugin Infographic Maker – iList versions = 4.7.4...
CVE-2023-5532
The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...
MStore API < 3.9.7 - Multiple CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks, such as Order Status Update, Order Title Update, Product Limit Update, Order Message Update, and Firebase Server Key Update...