65 matches found
CVE-2023-6197
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audiomerchantsavesettings function. This makes it possible for unauthenticated attackers to modify the...
Class Scheduling System Data Forgery Problem Vulnerability
Class Scheduling System is a class scheduling system by jkev Personal Developer. A security vulnerability exists in Class Scheduling System version 1.0, which stems from a lack of authentication when changing email addresses or passwords, allowing a remote attacker to take over an account...
BD Alaris System with Guardrails Suite MX 授权问题漏洞
The BD Alaris System with Guardrails Suite MX is a medical device from BD Medical BD. A security vulnerability exists in the BD Alaris System with Guardrails Suite MX, which originates from the ability to modify the configuration of a PCU without having to authenticate using a physical connection...
PT-2023-19377 · Vcita · Crm/Lead Management By Vcita
Name of the Vulnerable Software and Affected Versions: CRM and Lead Management by vcita plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to modify th...
PT-2023-18816 · Vcita · Contact Form Builder By Vcita
Name of the Vulnerable Software and Affected Versions: Contact Form Builder by vcita plugin for WordPress versions up to, and including, 4.9.1 Description: The issue is due to missing nonce validation on the ls parse vcita callback function, making it possible for unauthenticated attackers to...
CVE-2023-1867
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...
PT-2022-25665 · Ezoic · Ezoic Plugin
Name of the Vulnerable Software and Affected Versions: Ezoic plugin versions prior to 2.8.9 Description: The issue allows for unauthenticated changes to plugin settings, leading to stored XSS. Recommendations: For Ezoic plugin versions prior to 2.8.9, update to version 2.8.9 or later to resolve t...
PT-2022-22649 · 59Sec · 59Sec Lite
Name of the Vulnerable Software and Affected Versions: 59sec THE Leads Management System: 59sec LITE plugin version 3.4.1 and earlier Description: The issue allows for unauthenticated changes to plugin settings. Recommendations: For 59sec LITE plugin version 3.4.1 and earlier, update to a version...
CVE-2022-30245
Honeywell Alerton Compass Software 1.6.5 allows unauthenticated configuration changes from remote users. This enables configuration data to be stored on the controller and then implemented. A user with malicious intent can send a crafted packet to change the controller configuration without the...
PT-2020-14249 · Teclib +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 9.5.2 Description: The issue concerns insecure storage of user input into the database as url base and url base api. These settings are used throughout the application, allowing for vulnerabilities such as Cross-Site...
PT-2020-15274
Name of the Vulnerable Software and Affected Versions GiveWP plugin versions prior to 2.5.10 Description The issue allows unauthenticated changes to settings. This is due to a problem in the includes/gateways/stripe/includes/admin/admin-actions.php file. Recommendations For GiveWP plugin versions...
Design/Logic Flaw
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-17230
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
EUVD-2019-7647
includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress allows unauthenticated options changes...
CVE-2019-20620
An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...
CVE-2019-20620
An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...
Code injection
An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...
CVE-2019-20620
CVE-2019-20620 affects Samsung mobile devices running P (Android 9.0) software. The issue is that the Settings application allows unauthenticated changes, per the Samsung notice referencing SVE-2019-13814 and SVE-2019-13815. Documents do not specify the exact vulnerable component, root cause deta...
CVE-2019-20620
An issue was discovered on Samsung mobile devices with P9.0 software. The Settings application allows unauthenticated changes. The Samsung IDs are SVE-2019-13814, SVE-2019-13815 March 2019...
CVE-2019-17228
includes/options.php in the motors-car-dealership-classified-listings aka Motors - Car Dealer & Classified Ads plugin through 1.4.0 for WordPress allows unauthenticated options changes...