31 matches found
EUVD-2024-32393
Malicious code in bioql PyPI...
CVE-2025-1709 CVE-2025-1709
Several credentials for the local PostgreSQL database are stored in plain text partially base64 encoded...
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
WordPress Base64 Encoder/Decoder plugin <= 0.9.2 - Settings Reset via CSRF vulnerability
Settings Reset via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Base64 Encoder/Decoder versions = 0.9.2...
WordPress Base64 Encoder/Decoder plugin <= 0.9.2 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Base64 Encoder/Decoder versions = 0.9.2...
WordPress Base64 Encoder/Decoder plugin <= 0.9.2 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Francisco Spínola in WordPress Plugin Base64 Encoder/Decoder versions = 0.9.2...
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3823
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3822
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3823 Base64 Encoder/Decoder <= 0.9.2 - Stored XSS via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check when updating its settings, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824 Base64 Encoder/Decoder <= 0.9.2 - Settings Reset via CSRF
The Base64 Encoder/Decoder WordPress plugin through 0.9.2 does not have CSRF check in place when resetting its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack...
CVE-2024-3824
CVE-2024-3824 affects the WordPress plugin “Base64 Encoder/Decoder” up to version 0.9.2. The vulnerability arises from a missing CSRF check when resetting plugin settings, potentially allowing a logged-in attacker to trigger a CSRF reset on an admin. Public details consistently describe the issue...
CVE-2024-3822
CVE-2024-3822 corresponds to the WordPress plugin Base64 Encoder/Decoder (versions
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-3824 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 51b5eb3fcb26 Credits Bob Matyas...
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3822 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 72ed251444bf Credits Francisco Spínola...
PT-2024-27905 · WordPress · Base64 Encoder/Decoder
Name of the Vulnerable Software and Affected Versions: Base64 Encoder/Decoder WordPress plugin versions 0.9.2 and earlier Description: The issue concerns a lack of CSRF check when updating settings in the plugin, along with missing sanitization and escaping. This could allow attackers to make...
WordPress Base64 Encoder/Decoder Plugin <= 0.9.2 is vulnerable to Cross Site Scripting (XSS)
Software Base64 Encoder/Decoder Type Plugin Vulnerable versions = 0.9.2 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-3823 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 27653189d20e Credits Bob Matyas Required...