29 matches found
CVE-2024-10045
CVE-2024-10045 affects the WordPress plugin Transients Manager (versions
WordPress plugin Transients Manager 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
PT-2024-15993 · WordPress · Transients Manager
Name of the Vulnerable Software and Affected Versions: Transients Manager plugin for WordPress version 2.0.6 and earlier Description: The issue is due to missing or incorrect nonce validation on the process actions function, making it possible for unauthenticated attackers to delete transients vi...
WordPress Transients Manager plugin <= 2.0.6 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by David Gallagher BatFeats in WordPress Plugin Transients Manager versions = 2.0.6...
WordPress Transients Manager Plugin <= 2.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
Software Transients Manager Type Plugin Vulnerable versions = 2.0.6 Fixed in 2.0.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-10045 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3cec6ef3dda4 Credits David Gallagher...
The Plus Blocks for Block Editor | Gutenberg < 3.2.6 - Missing Authorization
Description The The Plus Blocks for Block Editor | Gutenberg plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the Tpfdeletetransient function in versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with...
CVE-2024-0835
The Royal Elementor Kit theme for WordPress is vulnerable to unauthorized arbitrary transient update due to a missing capability check on the dismissedhandler function in all versions up to, and including, 1.0.116. This makes it possible for authenticated attackers, with subscriber access or...
PT-2024-15854 · WordPress · The Royal Elementor Kit
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Kit theme for WordPress versions up to, and including, 1.0.116 Description: The issue arises from a missing capability check on the dismissed handler function, allowing authenticated attackers with subscriber access or...
CVE-2022-3881
CVE-2022-3881 concerns the WordPress WPTools plugin, affected versions before 3.43. The issue is improper authorization and CSRF in an AJAX action, allowing any authenticated user (e.g., a subscriber) to install and activate arbitrary plugins from wordpress.org. Root cause: missing CSRF/authoriza...