259 matches found
CVE-2023-0498
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
March 14, 2023—KB5023759 (Security-only update)
March 14, 2023—KB5023759 (Security-only update). IMPORTANT: As of January 10, 2023, Microsoft no longer provides security updates or technical support for Windows 7 Service Pack 1 (SP1). For customers who need additional time to upgrade and modernize their devices running Windows Server 2008 R2 on Azur...
WordPress plugin WP Statistics Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. Cross-site request forgery vulnerabili...
CVE-2022-45804
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate...
Cross site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate...
CVE-2022-45804 WordPress Robo Gallery Plugin <= 3.2.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate...
SUSE CVE-2015-8816
The hub_activate function in drivers/usb/core/hub.c in the Linux kernel before 4.3.5 does not properly maintain a hub-interface data structure, which allows physically proximate attackers to cause a denial of service (invalid memory access and system crash) or possibly have unspecified other impact ...
SUSE CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
SUSE CVE-2018-16741
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command...
CVE-2022-4709
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_import_library_template' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to import and activate...
CVE-2022-4701
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_plugins' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the...
PT-2023-15128 · WordPress · Royal Elementor Addons
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59. Description: The issue is related to insufficient access control in the 'wpr_activate_required_theme' AJAX action. This allows any authenticated user,...
PT-2023-15131 · WordPress · Media Library Assistant +3
Name of the Vulnerable Software and Affected Versions: The Royal Elementor Addons plugin for WordPress versions up to, and including, 1.3.59. Description: The issue is related to insufficient access control in the 'wpr_activate_required_plugins' AJAX action. This allows any authenticated user,...
WordPress Plugin Contest Gallery SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2022-3881
The WP Tools Increase Maximum Limits, Repair, Server PHP Info, Javascript errors, File Permissions, Transients, Error Log WordPress plugin before 3.43 does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and...
StopBadBots < 7.24 - Subscriber+ Arbitrary Plugin Installation
The plugin does not have proper authorisation and CSRF in an AJAX action, allowing any authenticated users, such as subscriber to call it and install and activate arbitrary plugins from wordpress.org. Run the below command in the developer console of the web browser while being on the blog as a...
Governance: users cannot endorse if they voted, which may cause deadlock
Lines of code Vulnerability details Impact It may cause a deadlock situation Condition: there is no proposal with enough endorsement majority depending on the endorsement threshold of votes are locked in the current proposal The votes for the current proposal are balanced between for and against ...
CVE-2022-2245
The Counter Box WordPress plugin before 1.2.1 is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks...