7 matches found
EUVD-2021-11755
Malware in sbrugna...
CVE-2021-24839 SupportCandy < 2.2.5 - Unauthenticated Arbitrary Ticket Deletion
The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsctickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. Other actions may be affected as well...
SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction. PoC...
WordPress SupportCandy plugin <= 2.2.6 - Arbitrary Ticket Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Ticket Deletion via Cross-Site Request Forgery CSRF vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions = 2.2.6. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.7...
WordPress SupportCandy plugin <= 2.2.4 - Unauthenticated Arbitrary Ticket Deletion vulnerability
Unauthenticated Arbitrary Ticket Deletion vulnerability discovered by Brandon Roldan in WordPress SupportCandy plugin versions = 2.2.4. Solution Update the WordPress SupportCandy plugin to the latest available version at least 2.2.5...
SupportCandy < 2.2.7 - Arbitrary Ticket Deletion via CSRF
The plugin does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...
JVN#87341298 Redmine vulnerable to cross-site request forgery
Redmine is a project management software. Redmine contains a cross-site request forgery vulnerability. Impact If a user views a malicious page while logged into Redmine, an arbitrary ticket may be deleted. Solution Update the Software Update to the latest version according to the information...