6 matches found
WordPress Sitemap by click5 plugin存在未明漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Sitemap by click5 plugin version 1.0.36 has a security vulnerability that could be exploite...
WordPress TrustMate.io – integracja z WooCommerce plugin <= 1.7.0 - Arbitrary Blog Option Update vulnerability
Arbitrary Blog Option Update vulnerability discovered by WPScanTeam in WordPress TrustMate.io – integracja z WooCommerce plugin versions = 1.7.0. Solution Update the WordPress TrustMate.io – integracja z WooCommerce plugin to the latest available version at least 1.7.1...
uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF
The plugin does not have CSRF check in the uListingimportlayout function, nor perform any validation on the option/post meta key to update to ensure it belongs to the plugin. As a result, attackers could make a logged in admin change any of the blog option such as siteurl, blogname etc as well as...
uListing < 2.0.9 - Arbitrary Blog Option Update via CSRF
The plugin does not have CSRF check in the uListingimportlayout function, nor perform any validation on the option/post meta key to update to ensure it belongs to the plugin. As a result, attackers could make a logged in admin change any of the blog option such as siteurl, blogname etc as well as...
Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update
The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...
Premium Addons for Elementor < 4.5.2 - Subscriber+ Arbitrary Blog Option Update
The plugin does not have any CSRF and authorisation checks in the padismissadminnotice AJAX action, available to any authenticated users, and do not validate the option key to ensure the option to update belongs to the plugin. As a result, any authenticated user, such as subscriber can update...