8 matches found
EUVD-2023-54147
Malicious code in bioql PyPI...
CVE-2023-4276
The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abprprofileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a...
CVE-2023-4276
CVE-2023-4276 affects the Absolute Privacy WordPress plugin (versions ≤ 2.1). Root cause: missing nonce validation in abpr_profileShortcode enabling Cross-Site Request Forgery. This allows unauthenticated attackers to change a site user’s email and password if a site admin clicks a crafted link. ...
CVE-2023-4276 Absolute Privacy <= 2.1 - Cross-Site Request Forgery to User Email/Password Change
The Absolute Privacy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1. This is due to missing nonce validation on the 'abprprofileShortcode' function. This makes it possible for unauthenticated attackers to change user email and password via a...
PT-2023-28577 · WordPress · Absolute Privacy
Name of the Vulnerable Software and Affected Versions: Absolute Privacy plugin for WordPress versions up to, and including, 2.1 Description: The issue is due to missing nonce validation on the abpr profileShortcode function, making it possible for unauthenticated attackers to change user email an...
WordPress Absolute Privacy Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Absolute Privacy Type Plugin Vulnerable versions = 2.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4276 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 920232a8a942 Credits Lana Codes Required...
Absolute Privacy <= 2.1 - User Email/Password Change via Cross-Site Request Forgery
Description The plugin does not protect its abprprofileShortcode action against CSRF attacks, allowing an unauthenticated attacker to change a users email or password by tricking a logged in administrator to submit a crafted request...
WordPress Plugin Absolute Privacy Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site request forgery vulnerability...