27 matches found
EUVD-2023-46146
Malicious code in bioql PyPI...
EUVD-2023-46147
Malicious code in bioql PyPI...
CVE-2023-41654
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
CVE-2023-41655
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions...
authLdap < 2.5.9 - Settings Update via CSRF
Description: The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2023-41654
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
CVE-2023-41654
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
CVE-2023-41654 WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
CVE-2023-41654 WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions...
CVE-2023-41654
CVE-2023-41654 affects the WordPress plugin authLdap (versions <= 2.5.8). The issue is a Cross-Site Request Forgery (CSRF) vulnerability due to missing CSRF protection when updating settings. A fix is available in version 2.5.9; upgrading to that version mitigates the vulnerability. Other conn...
WordPress Plugin authLdap Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-41655
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions...
CVE-2023-41655
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions...
CVE-2023-41655
CVE-2023-41655 affects the WordPress plugin authLdap (by Andreas Heigl). Public records describe an Authenticated Stored Cross-Site Scripting (XSS) vulnerability exploitable by an Administrator (admin+) due to input handling in the plugin. Vulnerable versions are listed as
CVE-2023-41655 WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions...
CVE-2023-41655 WordPress authLdap Plugin <= 2.5.9 is vulnerable to Cross Site Scripting (XSS)
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions...
WordPress plugin authLdap cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabilit...
PT-2023-28027 · Andreas Heigl · Authldap Plugin
Name of the Vulnerable Software and Affected Versions: Andreas Heigl authLdap plugin versions <= 2.5.9. Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin+ privileges can inject malicious scripts into the...
authLdap <= 2.5.9 - Admin+ Stored XSS
Description: The plugin does not validate and escape some parameters, which could allow users with the admin role and above to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup)...