13 matches found
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
EUVD-2022-15394
Malicious code in bioql PyPI...
CVE-2022-0191
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans...
CVE-2022-0191
The CVE-2022-0191 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin prior to version 1.2.7. The root cause is a missing CSRF check when deleting banned users, which allows an attacker to make a logged-in administrator remove arbitrary bans. Documents confirm this affects the AICP plugin a...
WordPress plugin Ad Invalid Click Protector cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Ad Invalid Click Protector plugin versions prior to 1.2.7 are vulnerable to cross-site...
Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting...
Ad Invalid Click Protector (AICP) < 1.2.7 - Reflected Cross-Site Scripting
The plugin does not sanitise and escape the page parameter before outputting it back in an attribute, leading to Reflected Cross-Site Scripting. PoC...
Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails&action=delete&id=1...
Ad Invalid Click Protector (AICP) < 1.2.7 - Arbitrary Ban Deletion via CSRF
The plugin does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans. PoC: https://example.com/wp-admin/admin.php?page=aicpbanneduserdetails=delete=1...
CVE-2022-0190
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...
CVE-2022-0190 Ad Invalid Click Protector (AICP) < 1.2.6 - Authenticated SQL Injection
The Ad Invalid Click Protector AICP WordPress plugin before 1.2.6 is affected by a SQL Injection in the id parameter of the delete action...
CVE-2022-0190
The CVE-2022-0190 entry concerns the Ad Invalid Click Protector (AICP) WordPress plugin, affected in versions prior to 1.2.6. The root cause is a SQL Injection vulnerability in the id parameter of the delete action, enabling an attacker to manipulate database queries. Impact is described as Parti...
WordPress and WordPress plugin SQL injection vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. A SQL injection vulnerability exists in the WordPress Ad Invalid Click Protector AICP plugin in versions prior to 1.2.6, which stems from ...