CVE-2023-25015

CVE-2023-25015 concerns Clockwork Web prior to 0.1.2 when used with Rails

Clockwork Web 跨站请求伪造漏洞

Clockwork Web is the web interface for Clockwork. A security vulnerability exists in Clockwork Web versions prior to 0.1.2, which stems from a cross-site request forgery when using Rails versions prior to 5.2...

CVE-2023-25015

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...

CVE-2023-25015

Clockwork Web before 0.1.2, when Rails before 5.2 is used, allows CSRF...

CSRF Vulnerability with Rails < 5.2

Clockwork Web is vulnerable to cross-site request forgery CSRF with Rails 5.2. A CSRF attack works by getting an authorized user to visit a malicious website and then performing requests on behalf of the user. In this instance, actions include enabling and disabling jobs...

clockwork-blue.at Cross Site Scripting vulnerability OBB-1389805

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Multiple WordPress Plugin Cross-Site Scripting Vulnerabilities

WordPress is a set of WordPress Software Foundation's blogging platform developed using the PHP language, which supports setting up personal blogging sites on servers with PHP and MySQL.WordPress Clockwork Free and Paid SMS Notifications and so on are used in which different types of SMS...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

Design/Logic Flaw

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

CVE-2017-17780

CVE-2017-17780 describes a Reflected XSS in the Clockwork SMS WordPress integration. The vulnerability resides in clockwork-test-message.php and is triggered by a crafted value in the GET parameter to, e.g., wp-admin/admin.php?page=clockwork_test_message. The issue affects multiple plugins that e...

CVE-2017-17780

The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication -...

WordPress Two-Factor Authentication – Clockwork SMS plugin <=1.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Two-Factor Authentication – Clockwork SMS plugin versions =1.0.3 Solution Update the WordPress Two-Factor Authentication – Clockwork SMS plugin to the latest available version at least 1.1.0...

WordPress Gravity Forms – Clockwork SMS plugin <=2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Gravity Forms – Clockwork SMS plugin versions =2.2. Solution Update the WordPress Gravity Forms – Clockwork SMS plugin to the latest available version at least 2.4.0...

WordPress Clockwork SMS Notfications plugin <=2.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Clockwork SMS Notfications plugin versions =2.0.3. Solution Update the WordPress Clockwork SMS Notfications plugin to the latest available version at least 3.0.0...

WordPress Formidable – Clockwork SMS plugin <=1.0.3 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Formidable – Clockwork SMS plugin versions =1.0.3. Solution Update the WordPress Formidable – Clockwork SMS plugin to the latest available version at least 1.1.0...

WordPress Contact Form 7 – Clockwork SMS plugin <=2.3.0 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Contact Form 7 – Clockwork SMS plugin versions =2.3.0. Solution Update the WordPress Contact Form 7 – Clockwork SMS plugin to the latest available version at least 2.3.0...

WordPress WP e-Commerce – Clockwork SMS plugin <=2.0.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress WP e-Commerce – Clockwork SMS plugin versions =2.0.5. Solution Update the WordPress WP e-Commerce – Clockwork SMS plugin to the latest available version at least 2.4.2...

WordPress Booking Calendar – Clockwork SMS plugin <=1.0.5 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting XSS vulnerability found by Elias Dimopoulos in WordPress Booking Calendar – Clockwork SMS plugin versions =1.0.5. Solution Update the WordPress Booking Calendar – Clockwork SMS plugin to the latest available version at least 1.1.0...