5 matches found
PT-2026-44747
Name of the Vulnerable Software and Affected Versions Breeze versions prior to 2.5.3 Description Improper verification of the wordpress logged in cookie in the inc/cache/execute-cache.php file occurs when the "Cache Logged-in Users" setting is enabled. The plugin uses the substr function to parse...
WordPress Cookies Pro plugin <= 1.0 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by Abdi Pranata in WordPress Plugin Cookies Pro versions = 1.0...
WordPress WP Cookies Alert plugin <= 1.1.1 - CSRF to Stored XSS vulnerability
CSRF to Stored XSS vulnerability discovered by SOPROBRO in WordPress Plugin WP Cookies Alert versions = 1.1.1...
WordPress Cookies by JM Plugin <= 1.0 is vulnerable to Cross Site Scripting (XSS)
Software Cookies by JM Type Plugin Vulnerable versions = 1.0 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-40604 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 709d77a53427 Credits Nithissh S Required privilege...
UBUNTU-CVE-2014-0166
The wpvalidateauthcookie function in wp-includes/pluggable.php in WordPress before 3.7.2 and 3.8.x before 3.8.2 does not properly determine the validity of authentication cookies, which makes it easier for remote attackers to obtain access via a forged cookie...