93 matches found
WordPress Plugin Product Catalog Simple 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2021-4374
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
CVE-2023-1660
The AI ChatBot WordPress plugin before 4.4.9 does not have authorisation and CSRF in a function hooked to init, allowing unauthenticated users to update some settings, leading to Stored XSS due to the lack of escaping when outputting them in the admin dashboard...
WordPress theme Download Theme and plugin translation for Polylang 安全漏洞
WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on servers running PHP and MySQL.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Download Theme and plugin translation for Polylang...
CVE-2022-36360
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...
Design/Logic Flaw
A vulnerability has been identified in LOGO! 8 BM incl. SIPLUS variants All versions V8.3. Affected devices load firmware updates without checking the authenticity. Furthermore the integrity of the unencrypted firmware is only verified by a non-cryptographic method. This could allow an attacker t...
CVE-2022-2987
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating it's settings which are hooked to the init action, allowing unauthenticated attackers to update them. Attackers could set their own LDAP server to be used t...
PT-2022-16248 · WordPress · Wp Sticky Button
Name of the Vulnerable Software and Affected Versions: WP Sticky Button WordPress plugin versions prior to 1.4.1 Description: The issue concerns a lack of authorization and CSRF checks when saving settings, allowing unauthenticated users to update them. This could also lead to Stored Cross-Site...
PT-2022-3097 · Motorola · Motorola Ace1000 Rtu
Name of the Vulnerable Software and Affected Versions: Motorola ACE1000 RTU through 2022-05-02 Description: The issue concerns the mishandling of firmware integrity in the Motorola ACE1000 RTU. Firmware updates can be performed using either the STS software suite or the ACE1000 Easy Configurator...
PT-2022-2807 · Hid · Hid Mercury Intelligent Controllers
Name of the Vulnerable Software and Affected Versions: HID Mercury Intelligent Controllers LP1501, LP1502, LP2500, LP4502, and EP4502 versions prior to 1.302 for the LP series and 1.296 for the EP series Description: The issue is related to a flaw in the data protection mechanism of the HID Mercu...
CVE-2022-0680
The Plezi WordPress plugin before 1.0.3 has a REST endpoint allowing unauthenticated users to update the plzconfigurationtrackerenable option, which is then displayed in the admin panel without sanitisation and escaping, leading to a Stored Cross-Site Scripting issue...
PT-2021-16273 · WordPress · Wp Debugging
Name of the Vulnerable Software and Affected Versions: WP Debugging WordPress plugin versions prior to 2.11.0 Description: The issue concerns the update settings function, which is hooked to admin init and lacks authorization and CSRF checks. This allows settings to be updated by unauthenticated...
The vulnerability of NPort asynchronous servers, related to deficiencies in authentication procedures, allows attackers to execute arbitrary code.
The vulnerability of Nport asynchronous servers is related to deficiencies in the authentication process. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by updating the device’s software remotely, without having to go through the authentication process...