EUVD-2022-34381

Malicious code in bioql PyPI...

CVE-2022-2091

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...

CVE-2022-2091

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...

Cross site request forgery (csrf)

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...

CVE-2022-2091

CVE-2022-2091 affects the WordPress Cache Images plugin prior to version 3.2.1. The root cause is missing nonce checks, enabling CSRF to cause any logged-in user to upload images. Public PoCs demonstrate the CSRF workflow. Remediation: update to version 3.2.1 or later (apply the vendor patch).

CVE-2022-2091 Cache Images < 3.2.1 - Image Upload / Import via CSRF

The Cache Images WordPress plugin before 3.2.1 does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack...

WordPress plugin Cache Images 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

Cache Images < 3.2.1 - Image Upload / Import via CSRF

The plugin does not implement nonce checks, which could allow attackers to make any logged user upload images via a CSRF attack. PoC Allows import of any images with any user level...

WordPress Cache Images plugin <= 3.2 - Image Upload / Import via Cross-Site Request Forgery (CSRF) vulnerability

Image Upload / Import via Cross-Site Request Forgery CSRF vulnerability was discovered by Daniel Ruf in the WordPress Cache Images plugin versions = 3.2. Solution Update the WordPress Cache Images plugin to the latest available version at least 3.2.1...

WordPress Cache Images plugin <= 3.1 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered in WordPress Cache Images plugin versions = 3.1. Solution Update the WordPress Cache Images plugin to the latest available version at least 3.2...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1275-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...

Security update for nextcloud (important)

openSUSE Security Update: Security update for nextcloud Announcement ID: openSUSE-SU-2021:1252-1 Rating: important References: 1190291 Cross-References: CVE-2021-32766 CVE-2021-32800 CVE-2021-32801 CVE-2021-32802 CVSS scores: CVE-2021-32800 NVD : 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N...