13 matches found
EUVD-2022-34468
Malicious code in bioql PyPI...
CVE-2022-2184
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server...
WordPress CAPTCHA 4WP Plugin <= 7.0.5 is vulnerable to Cross Site Scripting (XSS)
Software: CAPTCHA 4WP; Type: Plugin; Vulnerable versions: <= 7.0.5; Fixed in: 7.0.6; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High (7.1); Developer: Melapress; PSID: 538e2b5c193e; Credits: Rafie Muhammad Patchstack; Required privilege...
WordPress CAPTCHA 4WP Plugin < 7.1.0 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpwhitesecurity:captcha4wp"; if description...
CVE-2022-2184
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server...
Cross site request forgery (csrf)
The CAPTCHA 4WP WordPress plugin before 7.1.0 lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server...
CVE-2022-2184
The CVE-2022-2184 entry concerns the WordPress CAPTCHA 4WP plugin prior to version 7.1.0. Affected software: CAPTCHA 4WP WordPress plugin (versions before 7.1.0). Root cause: an input flow enables reaching a sensitive require_once call within an admin-side template, which CSRF can abuse. Impact: ...
PT-2022-15165 · WordPress · Captcha 4Wp
Name of the Vulnerable Software and Affected Versions: CAPTCHA 4WP WordPress plugin versions prior to 7.1.0. Description: The issue allows user input to reach a sensitive require_once call in one of its admin-side templates. This can be exploited by attackers via a Cross-Site Request Forgery attac...
WordPress plugin CAPTCHA 4WP path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A path traversal...
CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
The plugin lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. PoC 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who...
CAPTCHA 4WP < 7.1.0 - Local File Inclusion via CSRF
The plugin lets user input reach a sensitive require_once call in one of its admin-side templates. This can be abused by attackers, via a Cross-Site Request Forgery attack to run arbitrary code on the server. 1 Create a malicious PHP script $ echo ' shell.php 2 Add it to a fake .doc file, who will...
WordPress CAPTCHA 4WP plugin <= 7.0.6.1 - Local File Inclusion (LFI) via Cross-Site Request Forgery (CSRF) vulnerability
Local File Inclusion (LFI) via Cross-Site Request Forgery (CSRF) vulnerability was discovered by ZhongFu Su JrXnm in the WordPress CAPTCHA 4WP plugin versions <= 7.0.6.1. Solution: Update the WordPress CAPTCHA 4WP plugin to the latest available version (at least 7.1.0)...
WordPress CAPTCHA 4WP plugin < 7.0.5 - Toggle The Debug Mode via Cross-Site Request Forgery (CSRF) vulnerability
Sensitive Information Disclosure vulnerability discovered in WordPress CAPTCHA 4WP plugin versions < 7.0.5. Solution: Update the WordPress CAPTCHA 4WP plugin to the latest available version (at least 7.0.5)...