11 matches found
EUVD-2022-34696
Malicious code in bioql PyPI...
CVE-2022-2435
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2435
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2435
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2435
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2435 AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
CVE-2022-2435 AnyMind Widget <= 1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The AnyMind Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.1. This is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for unauthenticated attackers to...
PT-2022-16633
Name of the Vulnerable Software and Affected Versions AnyMind Widget plugin for WordPress versions up to, and including 1.1 Description The issue is due to missing nonce protection on the createDOMStructure function found in the /anymind-widget-id.php file. This makes it possible for...
WordPress plugin AnyMind Widget 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin AnyMind Widget 1.1 and...
WordPress AnyMind Widget plugin <= 1.1 - Cross-Site Request Forgery (CSRF) vulnerability leading to Cross-Site Scripting (XSS)
Cross-Site Request Forgery CSRF vulnerability leading to Cross-Site Scripting XSS discovered by Sho Sakata in WordPress AnyMind Widget plugin versions = 1.1. Solution Deactivate and delete. This plugin has been closed as of June 30, 2022 and is not available for download. This closure is temporar...
AnyMind Widget <= 1.1 - Stored Cross-Site Scripting via CSRF
The plugin does not have CSRF check in place when updating the setWidgetId setting, and does not have sanitisation as well as escaping applied to it, which could allow attackers to make a logged in admin put a Cross-Site Scripting payload in it via CSRF attack...