5 matches found
EUVD-2024-33803
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-11416
The WIP Incoming Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the saveoption function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-11416
CVE-2024-11416 affects the WIP Incoming Lite WordPress plugin (versions
WordPress plugin WIP Incoming Lite 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...
WordPress WIP Incoming Lite Plugin <= 1.1.1 is vulnerable to Cross Site Scripting (XSS)
Software WIP Incoming Lite Type Plugin Vulnerable versions = 1.1.1 Fixed in 1.1.2 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-11416 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID d449e884123c Credits SOPROBRO Requir...