10 matches found
CVE-2022-3747
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
Cross site request forgery (csrf)
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747 Becustom <= 1.0.5.2 - Cross-Site Request Forgery
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747 Becustom <= 1.0.5.2 - Cross-Site Request Forgery
The Becustom plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5.2. This is due to missing nonce validation when saving the plugin's settings. This makes it possible for unauthenticated attackers to update the plugin's settings like...
CVE-2022-3747
The BeCustom WordPress plugin (BeTheme BeCustom) up to version 1.0.5.2 is vulnerable to Cross-Site Request Forgery due to missing nonce validation when saving settings. This allows unauthenticated attackers to modify settings (e.g., betheme_url_slug, replaced_theme_author, betheme_label) via forg...
PT-2022-24014 · WordPress · Becustom
Name of the Vulnerable Software and Affected Versions: Becustom plugin for WordPress versions up to, and including, 1.0.5.2 Description: The issue is due to missing nonce validation when saving the plugin's settings, making it possible for unauthenticated attackers to update the plugin's settings...
WordPress BeCustom premium plugin <= 1.0.5.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to plugin settings change discovered by Julien Ahrens RCE Security in the WordPress BeCustom premium plugin versions = 1.0.5.2. Solution Update the WordPress BeCustom plugin to the latest available version at least 1.0.5.3...