23 matches found
EUVD-2017-14497
Malware in sbrugna...
EUVD-2025-4548
Malicious code in bioql PyPI...
CVE-2025-9628
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
CVE-2025-9628
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
CVE-2025-9628 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
CVE-2025-9628 The integration of the AMO.CRM <= 1.0.1 - Cross-Site Request Forgery
The The integration of the AMO.CRM plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the settingspage function. This makes it possible for unauthenticated attackers to modify critic...
WordPress The integration of the AMO.CRM plugin <= 1.0.1 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Claw.k in WordPress Plugin The integration of the AMO.CRM versions = 1.0.1...
WordPress plugin AMO.CRM 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
CVE-2025-1407 AMO Team Showcase <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via amoteam_skills Shortcode
The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteamskills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
CVE-2025-1407 AMO Team Showcase <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via amoteam_skills Shortcode
The AMO Team Showcase plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's amoteamskills shortcode in all versions up to, and including, 1.1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
WordPress AMO Team Showcase plugin <= 1.1.4 - Authenticated (Contributor+) Stored Cross-Site Scripting via amoteam_skills Shortcode vulnerability
Authenticated Contributor+ Stored Cross-Site Scripting via amoteamskills Shortcode vulnerability discovered by Krzysztof Zając in WordPress Plugin AMO Team Showcase versions = 1.1.4...
Server side request forgery (ssrf)
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
CVE-2022-40700 Server Side Request Forgery (SSRF) vulnerability affecting multiple WordPress plugins
Server-Side Request Forgery SSRF vulnerability in Montonio Montonio for WooCommerce, Wpopal Wpopal Core Features, AMO for WP – Membership Management ArcStone wp-amo, Long Watch Studio WooVirtualWallet – A virtual wallet for WooCommerce, Long Watch Studio WooVIP – Membership plugin for WordPress a...
PT-2024-11631 · Agence Press · Css Adder By Agence-Press
Name of the Vulnerable Software and Affected Versions: Montonio for WooCommerce versions 6.0.1 and earlier Wpopal Core Features versions 1.5.8 and earlier ArcStone wp-amo versions 4.6.6 and earlier WooVirtualWallet – A virtual wallet for WooCommerce versions 2.2.1 and earlier WooVIP – Membership...
M-07 Unmitigated
Lines of code Vulnerability details Comments The very first point that needs to be made, is that, according to the Mitigation Review details: In production we have planned to use MEV Protection services such as flashbots rpc The MEV Protection rpc ensure the rebalance and defender won't be affect...
Inconsistent check for LP balance in AMO
Lines of code Vulnerability details Inconsistent check for LP balance in AMO While pulling LP tokens from the CVXStaker contract, the AMO queries the current available balance using the staked balance, which is inconsistent with the implementation of the withdraw function. Impact Curve LP tokens...
Rebalance amounts should be checked so that updated balances falls within thresholds
Lines of code Vulnerability details Rebalance amounts should be checked so that updated balances falls within thresholds Rebalance operations are allowed when the current percentage of xETH in the Curve pool is outside the defined thresholds. However, there is no check to ensure that the amount o...
Unspent allowance may break functionality in AMO
Lines of code Vulnerability details Unspent allowance may break functionality in AMO An unspent allowance may cause a denial of service during the calls to safeApprove in the AMO contract. Impact The AMO contract uses the safeApprove function to grant the Curve pool permission to spend funds whil...
WordPress AMO for WP – Membership Management Plugin <= 4.6.6 is vulnerable to Server Side Request Forgery (SSRF)
Software AMO for WP – Membership Management Type Plugin Vulnerable versions = 4.6.6 Fixed in N/A OWASP Top 10 A1: Injection Classification Server Side Request Forgery SSRF CVE CVE-2022-40700 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 9e6059b126e6 Credits Dave Jong...
CVE-2017-5393
The "mozAddonManager" allows for the installation of extensions from the CDN for addons.mozilla.org, a publicly accessible site. This could allow malicious extensions to install additional extensions from the CDN in combination with an XSS attack on Mozilla AMO sites. This vulnerability affects...