16 matches found
EUVD-2023-59410
Malicious code in bioql PyPI...
CVE-2023-0522
The Enable/Disable Auto Login when Register WordPress plugin through 1.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1885
The Cimy Header Image Rotator WordPress plugin through 6.1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2021-24804
The Simple JWT Login WordPress plugin before 3.2.1 does not have nonce checks when saving its settings, allowing attackers to make a logged in admin change them. Settings such as HMAC verification secret, account registering and default user roles can be updated, which could result in site...
CVE-2023-7297
The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-8082
The Widgets Reset WordPress plugin (versions ≤ 0.1) contains a CSRF flaw in the settings update path caused by missing CSRF protection. This could allow attackers to make a logged-in administrator alter settings via a CSRF attack. Public materials identify the affected version, but none provide a confirmed pat...
CVE-2024-4480
The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its email settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin WP SOCIAL BOOKMARK MENU security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2022-1843
The MailPress WordPress plugin through 7.2.1 does not have CSRF checks in various places, which could allow attackers to make a logged in admin change the settings, purge log files and more via CSRF attacks...
WordPress plugin OpenBook Book Data cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress OpenBook Book Data plugin version 3.5.2 and earlier versions are vulnerable to cross-site request...
CVE-2022-1610
The Seamless Donations WordPress plugin before 5.1.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Amazon Einzeltitellinks cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...
Cross-Site Request Forgery (CSRF) in pkp/ojs
Description: No CSRF token in DataCite save settings plugin (OJS only). POC: document.forms[0].submit(); Impact: This vulnerability is capable of tricking admins into changing settings for the OJS DataCite plugin...
Free Monthly Websites 2.0 Administrator Remote Password Change
Title: Free Monthly Websites 2.0 Administrator Remote Password Change; Date: 10/04/2013; Name: Free Monthly Websites; Affected Version: 2.0; Vendor: http://www.freemonthlywebsites2.com/; Category: Web...
Zazavi <=1.2.1 Multiple (XSRF + Shell Upload) Vulnerabilities
Exploit for php platform in category web applications...