62 matches found
WordPress Plugin WP Automatic SQL Injection Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. WordPress Plugin WP Automatic is vulnerable...
Automatic < 3.92.1 - Unauthenticated SQL Injection
Description The Automatic plugin for WordPress is vulnerable to SQL Injection in versions up to, and including, 3.92.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to...
Automatic < 3.92.1 - Cross-Site Request Forgery to Privilege Escalation
Description The Automatic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.92.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to escalate their privileges via a forged...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection
Software Automatic Type Plugin Vulnerable versions <= 3.92.0 Fixed in 3.92.1 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2024-27956 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID aeab56860169 Credits Rafie Muhammad Patchstack Required privilege...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Arbitrary File Download
Software Automatic Type Plugin Vulnerable versions <= 3.92.0 Fixed in 3.92.1 OWASP Top 10 A1: Broken Access Control Classification Arbitrary File Download CVE CVE-2024-27954 Patch priority High CVSS severity High 9.3 Developer Claim ownership PSID 9c2571e1c78b Credits Rafie Muhammad Patchstack...
WordPress Automatic Plugin <= 3.92.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Automatic Type Plugin Vulnerable versions <= 3.92.0 Fixed in 3.92.1 OWASP Top 10 A8: Cross Site Request Forgery CSRF Classification Cross Site Request Forgery CSRF CVE CVE-2024-27955 Patch priority Low CVSS severity Low 8.8 Developer Claim ownership PSID cf1662afb1ce Credits Rafie Muhamma...
PT-2024-3157 · WordPress · Wp Automatic
Name of the Vulnerable Software and Affected Versions: WP Automatic versions through 3.92.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as a 'Path Traversal' vulnerability, in WP Automatic. This vulnerability allows for Path...
CVE-2021-4380 Pinterest Automatic <= 4.14.3 - Unauthenticated Arbitrary Options Update
The Pinterest Automatic plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on the 'wppinterestautomaticparserequest' function and the 'processform.php' script in versions up to, and including, 1.14.3. This makes it possible for unauthenticated attackers to...
CVE-2021-4374
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
Authorization
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
CVE-2021-4374
CVE-2021-4374 affects WordPress Automatic Plugin versions up to 3.53.2. The root cause is missing authorization and option validation in process_form.php, allowing unauthenticated users to update arbitrary WordPress options (via update_option()) and potentially compromise the site. The nuclei tem...
CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
CVE-2021-4374 WordPress Automatic Plugin <= 3.53.2 - Unauthenticated Arbitrary Options Update
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
WordPress Plugin WordPress Automatic Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
WordPress WP Sessions Time Monitoring Full Automatic plugin <= 1.0.5 - Sensitive Information Disclosure vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress WP Sessions Time Monitoring Full Automatic plugin versions <= 1.0.5. Solution: Update the WordPress WP Sessions Time Monitoring Full Automatic plugin to the latest available version (at least 1.0.6)...
VulnCheck KEV: CVE-2021-4374
The WordPress Automatic Plugin for WordPress is vulnerable to arbitrary options updates in versions up to, and including, 3.53.2. This is due to missing authorization and option validation in the processform.php file. This makes it possible for unauthenticated attackers to arbitrarily update the...
WordPress Automatic < 3.53.3 - Unauthenticated Arbitrary Options Update
The plugin was vulnerable to Unauthenticated Arbitrary Options Update...
Automatic 2.0.3 - csv.php q Parameter SQL Injection
The wp-automatic WordPress plugin was affected by a csv.php q Parameter SQL Injection security vulnerability...
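WordPress Automatic Plugin "q" SQL Injection Vulnerability
WordPress is a blog engine developed using the PHP language and a MySQL database; users can set up their own blog on a server that supports PHP and MySQL. Versions of the WordPress Automatic Plugin for WordPress before 2.0.3 use input passed to csv.php through the "q" parameter in an SQL query without validating it, and the csv.php file does not require valid login credentials. By injecting arbitrary SQL code, the SQL query can be manipulated to carry out an SQL injection attack. 0 WordPress Automatic Plugin 2.x Vendor patch: WordPress ---------...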
WordPress Automatic 2.0.3 Cross Site Request Forgery
Title: ====== Wordpress Automatic Plugin v2.0.3 CSRF Exploit Date: ===== 2012-06-15 Website: =========== http://codecanyon.net/item/wordpress-automatic-plugin/1904470 Introduction: ============= Wordpress automatic plugin posts quality targeted articles, Amazon Products, clickbank Products, Youtu...