WordPress Weglot Translate plugin <= 5.1 - Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability

Missing Authorization to Unauthenticated Limited Transient Deletion vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Weglot Translate versions = 5.1...

CVE-2023-0832

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

WordPress Weglot Translate Plugin <= 4.2.5 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 4.2.5 Fixed in 4.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2124 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID ff81bdc0a325 Credits Ngô Thiên An ancorn -...

WordPress Weglot Translate Plugin <= 1.9 is vulnerable to Cross Site Scripting (XSS)

Software Weglot Translate Type Plugin Vulnerable versions = 1.9 Fixed in 1.9.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 0d1c738b9210 Credits Rafie Muhammad Patchstack Required...

CVE-2023-0832

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

CVE-2023-0832

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

Cross site request forgery (csrf)

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

CVE-2023-0832 Under Construction <= 3.96 - Cross-Site Request Forgery via admin_action_install_weglot

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the installweglot function called via the adminactioninstallweglot action. This makes it possible for...

PT-2023-16556 · Unknown +1 · Weglot Translate +1

Name of the Vulnerable Software and Affected Versions: Under Construction plugin for WordPress versions up to and including 3.96 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the install weglot function called via the admin action...