5 matches found
WordPress WooCommerce Product Filter plugin < 1.4.4 - Filter Deletion via CSRF vulnerability
Filter Deletion via CSRF vulnerability discovered by Erwan LR WPScan in WordPress Plugin Themify – WooCommerce Product Filter versions 1.4.4...
PT-2023-32335 · WordPress · The Assistant Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Assistant WordPress plugin versions prior to 1.4.4 Description: The issue arises from the plugin not validating a parameter before making a request to it via wp remote get, which could allow users with a role as low as Editor to perform...
Typora 跨站脚本漏洞
Typora is a lightweight Markdown editor developed by Abner Lee. A cross-site scripting vulnerability exists in versions prior to Typora 1.4.4, which can be exploited by attackers to launch cross-site scripting attacks...
Roundcube Webmail Cross-Site Request Forgery Vulnerability (CNVD-2020-31750)
Roundcube Webmail is an open source browser-based IMAP client that supports address book management, message searching, spell checking and more. A cross-site request forgery vulnerability exists in Roundcube Webmail versions prior to 1.4.4. The vulnerability stems from a WEB application that does...
PT-2020-3644 · Roundcube +4 · Roundcube Webmail +4
Name of the Vulnerable Software and Affected Versions: Roundcube Webmail versions prior to 1.4.4 Description: The issue is related to a cross-site scripting XSS vulnerability in the rcube washtml.php file of Roundcube Webmail. This vulnerability occurs because JavaScript code can be present in th...