Button Generator – easily Button Builder < 2.3.9 - Cross-Site Request Forgery
Description The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.8. This is due to missing nonce validation on the btgcount function. This makes it possible for unauthenticated attackers to reset the...
WordPress Add to Cart Text Changer and Customize Button, Add Custom Icon Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Add to Cart Text Changer and Customize Button, Add Custom Icon; Type: Plugin; Vulnerable versions: <= 2.0; Fixed in: 2.1; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49153; Patch priority: Low; CVSS severity: Low (4.3); Developer Claim ownership PS...
The Non-Maskable Interrupt Button on a NetScaler Appliance
This article contains information about using the Non-Maskable Interrupt (NMI) button on a NetScaler appliance. Requirements: Review the NetScaler MPX Hardware Platforms and NetScaler SDX Hardware Platforms page to verify the NetScaler platforms that have the NMI button. NMI Button: If the NetScaler...
WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Broken Access Control
Software: Button Generator – easily Button Builder; Type: Plugin; Vulnerable versions: <= 2.3.8; Fixed in: 2.3.9; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-49154; Patch priority: Low; CVSS severity: Low (5.3); Developer Claim ownership PSID 0051a12ba9e7 Credits Elli...
WordPress Button Generator – easily Button Builder Plugin <= 2.3.8 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Button Generator – easily Button Builder; Type: Plugin; Vulnerable versions: <= 2.3.8; Fixed in: 2.3.9; OWASP Top 10: A5: Security Misconfiguration; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-49155; Patch priority: Low; CVSS severity: Low (4.3); Developer Claim ownership PSID f69c6cdb268...
Mozilla: Clickjacking permission prompts using the fullscreen transition
The Mozilla Foundation Security Advisory describes this flaw as: The black fade animation when exiting fullscreen is roughly the length of the anti-clickjacking delay on permission prompts. It was possible to use this fact to surprise users by luring them to click where the permission grant butto...
CVE-2023-47829
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions...
CVE-2023-47829
CVE-2023-47829 affects Codez Quick Call Button plugin for WordPress, with the vulnerability described as Cross-site Scripting due to improper input neutralization in web page generation. Affected versions are
CVE-2023-47829 WordPress Quick Call Button Plugin <= 1.2.9 is vulnerable to Cross Site Scripting (XSS)
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Codez Quick Call Button plugin <= 1.2.9 versions...
CVE-2023-47765
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions...
CVE-2023-47765
CVE-2023-47765: Cross-Site Request Forgery in CodeBard’s Patron Button and Widgets for Patreon plugin (WordPress) <= 2.1.9. Root cause: missing nonce validation enabling CSRF with unauthenticated attackers to forge actions. Affected versions:
CVE-2023-47765 WordPress CodeBard's Patron Button and Widgets for Patreon Plugin <= 2.1.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in CodeBard CodeBard's Patron Button and Widgets for Patreon plugin <= 2.1.9 versions...
WordPress Plugin CodeBard's Patron Button and Widgets for Patreon Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. WordPress Plugin CodeBard's...
WordPress Plugin Quick Call Button Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
PT-2023-30633 · Unknown · Codez Quick Call Button
Name of the Vulnerable Software and Affected Versions: Codez Quick Call Button plugin versions prior to 1.2.9 Description: The issue is related to improper neutralization of input during web page generation, which can lead to Cross-site Scripting. Recommendations: For versions prior to 1.2.9,...
The Citrix Workspace app cannot be reset via the command line
When installed by specifying an account Store URL from the command line, the Citrix Workspace app cannot be reset via the following command from the CLI. And the Delete button on the "Account-Edit" screen becomes inactive so that the account cannot be deleted. "C:\Program Files x86\Citrix\ICA...
CodeBard's Patron Button and Widgets for Patreon < 2.2.0 - Reflected XSS
Description The plugin does not sanitise and escape the cbp6tab parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
Alarm system cyberattack leaves those in need struggling to call for help
An alarm system company that allows those in need to ask for help at the touch of a button has suffered a cyberattack, causing serious disruption. Tunstall Netherlands says the attack left the control room struggling to receive distress calls from clients on Sunday November 12, 2023. Tunstall,...