61 matches found
CVE-2024-1717
The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handleajaxcall function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
CVE-2024-52420
Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery. This issue affects Disable Admin Notices individually: from n/a through <= 1.4.0...
CVE-2024-52420
CVE-2024-52420 concerns a Cross-Site Request Forgery in the WordPress plugin Disable Admin Notices individually. The initial record specifies that the issue affects plugin versions up to 1.3.5, and multiple connected sources corroborate a CSRF vulnerability in this plugin. Patchstack and related ...
CVE-2024-52420 WordPress Disable Admin Notices individually plugin <= 1.3.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Disable Admin Notices individually allows Cross Site Request Forgery. This issue affects Disable Admin Notices individually: from n/a through 1.3.5...
PT-2024-35260 · Unknown · Disable Admin Notices Individually
Name of the Vulnerable Software and Affected Versions: Disable Admin Notices individually versions 1.3.5 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This can be achieved by...
WordPress plugin Disable Admin Notices individually cross-site request forgery vulnerability
WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
WordPress Disable Admin Notices individually plugin <= 1.4.0 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal Patchstack in WordPress Plugin Disable Admin Notices individually versions <= 1.4.0...
CVE-2023-7292
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
CVE-2023-7292 Paytium: Mollie payment forms & donations <= 4.3.7 - Missing Authorization in 'paytium_notice_dismiss'
The Paytium: Mollie payment forms & donations plugin for WordPress is vulnerable to unauthorized notification dismissal due to a missing capability check on the paytium_notice_dismiss function in versions up to, and including, 4.3.7. This makes it possible for authenticated attackers with...
PT-2024-39350 · WordPress · Broken Link Checker
Name of the Vulnerable Software and Affected Versions: Broken Link Checker plugin for WordPress versions up to, and including, 2.4.0 Description: The Broken Link Checker plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg in...
CVE-2023-6492
CVE-2023-6492 – Simple Sitemap (WordPress) is a CSRF vulnerability in all versions
WordPress Simple Sitemap plugin <= 3.5.13 - Cross-Site Request Forgery via admin_notices vulnerability
Cross-Site Request Forgery via admin_notices vulnerability discovered by Rafshanzani Suhada in WordPress Plugin Simple Sitemap – Create a Responsive HTML Sitemap versions <= 3.5.13...
Simple Sitemap < 3.5.14 - Cross-Site Request Forgery via admin_notices
Description: The Simple Sitemap – Create a Responsive HTML Sitemap plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.13. This is due to missing or incorrect nonce validation in the 'admin_notices' hook found in class-settings.php. This makes ...
CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval
The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handleajaxcall function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to...
WordPress Admin Notices Manager plugin <= 1.4.0 - Missing Authorization to Authenticated User Email Retrieval vulnerability
Missing Authorization to Authenticated User Email Retrieval vulnerability discovered by Lucio Sá in WordPress Plugin Admin Notices Manager versions <= 1.4.0...
WordPress Admin Notices Manager Plugin <= 1.4.0 is vulnerable to Broken Access Control
Software: Admin Notices Manager; Type: Plugin; Vulnerable versions: <= 1.4.0; Fixed in: 1.5.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-1717; Patch priority: Low; CVSS severity: Low (4.3); Developer: Melapress; PSID: 95224798df4d; Credits: Lucio Sá; Required privilege...
wpDiscuz < 7.6.12 - Cross-Site Request Forgery
Description: The wpDiscuz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.6.11. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to dismiss admin notices via a...
CVE-2023-41672
Cross-Site Request Forgery (CSRF) vulnerability in Rémi Leclercq Hide admin notices – Admin Notification Center plugin <= 2.3.2 versions...