11 matches found
EUVD-2023-59142
Malicious code in bioql PyPI...
CVE-2023-6946
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress Autotitle for WordPress Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Autotitle for WordPress Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6946 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 89d669161c10 Credits Daniel Ruf...
CVE-2023-6946
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-6946
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Cross site request forgery (csrf)
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-6946 Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2023-6946
CVE-2023-6946 affects the WordPress plugin Autotitle for WordPress (pre-1.0.4). The root cause is absence of a CSRF check when updating plugin settings, enabling a logged-in admin (or attacker with similar access) to modify settings via a CSRF attack, which the reports also describe as enabling s...
CVE-2023-6946 Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
The Autotitle for WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress plugin Autotitle security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in the...
Autotitle for WordPress <= 1.0.3 - Settings Update to Stored XSS via CSRF
Description The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. document.forms0.submit;...