215 matches found
CVE-2023-47666 WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0...
PT-2023-30551 · Unknown · Code Snippets
Name of the Vulnerable Software and Affected Versions: Code Snippets versions n/a through 3.5.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in Code Snippets Pro Code Snippets. This type of vulnerability allows an attacker to trick a user into performing unintended...
WordPress Plugin Code Snippets Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
WordPress Code Snippets Plugin <= 3.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Code Snippets Type Plugin Vulnerable versions = 3.5.0 Fixed in 3.6.0 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-47666 Patch priority Low CVSS severity Low 4.3 Developer Code Snippets Pro PSID 3f0e2c5bc521 Credits Huynh Tien Si...
CVE-2021-4418
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...
CVE-2020-36759
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...
Cross site request forgery (csrf)
The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...
Cross site request forgery (csrf)
The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save code snippets via a forged...
CVE-2020-36759
CVE-2020-36759 concerns the Woody code snippets plugin for WordPress. Affected: WordPress plugin “ Woody code snippets” (versions up to and including 2.3.9). Root cause: missing or incorrect nonce validation in the runActions() function enables CSRF. Impact: unauthenticated attackers could activa...
WordPress Plugin Woody code snippets Cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
SAP BusinessObjects Business Intelligence Platform Security Vulnerability
SAP BusinessObjects Business Intelligence Platform is a complete business analytics platform from SAP. The platform combines market-leading SAP data integration products, data management products, and business intelligence BI products to eliminate system integration challenges and quickly and...
PT-2023-25992 · Sap · Sap Businessobjects Business Intelligence Platform
Name of the Vulnerable Software and Affected Versions: SAP BusinessObjects Business Intelligence Platform Version Management System version 403 Description: The issue is due to the lack of validation, which allows an unauthenticated user to read code snippets through the UI. This results in a low...
WordPress Easy Code Snippets Plugin <= 1.0.2 is vulnerable to Cross Site Scripting (XSS)
Software Easy Code Snippets Type Plugin Vulnerable versions = 1.0.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 282dfece7848 Credits Rafie Muhammad Patchstack...
Auto Dealer Management System 1.0 - Broken Access Control Exploit
Exploit Title: Auto Dealer Management System 1.0 - Broken Access Control Exploit It leads to compromise of all application accounts by accessing the ?page=user/list with low privileged user account Date: 18 February 2023 CVE Assigned: CVE-2023-0916 mitre.org nvd.nist.org Author: Muhammad Navaid...
CVE-2023-23650
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...
CVE-2023-23650
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...
Cross site scripting
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...
CVE-2023-23650 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...
CVE-2023-23650 WordPress MainWP Code Snippets Extension Plugin <= 4.0.2 is vulnerable to Cross Site Scripting (XSS)
Auth. subscriber+ Stored Cross-Site Scripting XSS vulnerability in MainWP MainWP Code Snippets Extension plugin = 4.0.2 versions...
CVE-2023-23650
Summary: CVE-2023-23650 affects the WordPress plugin MainWP Code Snippets Extension for versions