7 matches found
WordPress plugin WCFM Marketplace security vulnerability
WordPress is a blogging platform developed in the PHP language. The platform can be used to set up a personal blog site on a PHP- and MySQL-based server. A WordPress plugin is an application plugin. WordPress plugin WCFM Marketplace suffers from a SQL injection vulnerability that stems from th...
EUVD-2022-52189
Malicious code in bioql PyPI...
EUVD-2022-52190
Malicious code in bioql PyPI...
CVE-2022-4936
The WCFM Marketplace plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.11 due to missing nonce checks on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of actions such as modifying shipping...
CVE-2022-4935
The WCFM Marketplace plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 3.4.11 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
WordPress WCFM Marketplace Plugin <= 3.6.11 is vulnerable to Cross Site Scripting (XSS)
Software: WCFM Marketplace; Type: Plugin; Vulnerable versions: <= 3.6.11; Fixed in: 3.6.12; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-44009; Patch priority: Medium; CVSS severity: Medium 7.1; PSID: e15165a2d9e9; Credits: Le Ngoc Anh; Required privileg...
CVE-2023-4960 WCFM Marketplace <= 3.6.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode
The WCFM Marketplace plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'wcfmstores' shortcode in versions up to, and including, 3.6.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with...