21 matches found
EUVD-2020-24162
Malware in sbrugna...
EUVD-2021-34174
Malicious code in bioql PyPI...
EUVD-2022-37006
Malicious code in bioql PyPI...
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
CVE-2019-25142
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 Mesmerize and 1.0.172 Materialis. This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function...
CVE-2020-36720
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
CVE-2020-36720 Kali Forms <= 2.1.1 - Missing Authorization to Settings Update
The Kali Forms plugin for WordPress is vulnerable to Authenticated Options Change in versions up to, and including, 2.1.1. This is due to the update_option lacking proper authentication checks. This makes it possible for any authenticated attacker to change or delete the plugin's settings...
CVE-2019-25142
The Mesmerize (up to 1.6.89) and Materialis (up to 1.0.172) WordPress themes are vulnerable to authenticated options changes due to companion_disable_popup not fully validating input before update_option. This allows authenticated attackers to modify restricted options. Remediation: upgrade Mesme...
CVE-2019-25142 Mesmerize <= 1.6.89 & Materialis <= 1.0.172 - Authenticated Arbitrary Options Update
The Mesmerize & Materialis themes for WordPress are vulnerable to authenticated options change in versions up to, and including, 1.6.89 Mesmerize and 1.0.172 Materialis. This is due to the 'companion_disable_popup' function only checking the nonce while sending user input to the 'update_option' function...
WordPress plugin Accordions security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-21940 · WordPress · Biplob018 Shortcode Addons
Name of the Vulnerable Software and Affected Versions: Biplob018 Shortcode Addons plugin versions 3.1.2 and earlier Description: The issue allows authenticated options change in the Biplob018 Shortcode Addons plugin at WordPress. Recommendations: For Biplob018 Shortcode Addons plugin versions 3.1...
CVE-2022-36375 WordPress Tabs plugin <= 3.6.0 - Authenticated WordPress Options Change vulnerability
Authenticated high role user WordPress Options Change vulnerability in Biplob Adhikari's Tabs plugin <= 3.6.0 at WordPress...
Advanced Shipment Tracking for WooCommerce < 3.2.7 - Authenticated Options Change
The plugin was vulnerable to Authenticated Options Change allowing authenticated users to update arbitrary WordPress options...
WordPress Flo Forms plugin <= 1.0.35 - Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability
Authenticated Options Change & Stored Cross-Site Scripting (XSS) vulnerability discovered by NinTechNet in WordPress Flo Forms plugin versions <= 1.0.35. Solution: Update the WordPress Flo Forms plugin to the latest available version (at least 1.0.36)...
Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS
The plugin was being actively exploited, allowing low privilege users to use the floimportformsoptions AJAX action to import new options and inject malicious JavaScript code in the backend...
WordPress The Official Facebook Chat Plugin <= 1.5 - Authenticated Options Change vulnerability
Authenticated Options Change vulnerability discovered by WordFence in WordPress The Official Facebook Chat Plugin versions <= 1.5. Solution: Update the WordPress The Official Facebook Chat Plugin to the latest available version (at least 1.6)...
WordPress Materialis theme <=1.0.172 - Authenticated Options Update vulnerability
Authenticated Options Update vulnerability found by NinTechNet in WordPress Materialis theme versions <=1.0.172. Solution: Update the WordPress Materialis theme to the latest available version (at least 1.0.173)...
CVE-2019-16251
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
Design/Logic Flaw
plugin-fw/lib/yit-plugin-panel-wc.php in the YIT Plugin Framework through 3.3.8 for WordPress allows authenticated options changes...
CVE-2019-16251
CVE-2019-16251 affects the YIT Plugin Framework (plugin-fw/lib/yit-plugin-panel-wc.php) up to version 3.3.8 used by WordPress plugins, allowing authenticated users to change plugin options. Connected sources confirm this affects multiple YITH plugins (Order Tracking, Custom Thank You Page for Woo...