CVE-2026-7615

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

CVE-2026-7615 Widget Context <= 1.3.3 - Cross-Site Request Forgery to Settings Update via 'wl' Parameter

The Widget Context plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing or incorrect nonce validation on the savewidgetcontextsettings function. This makes it possible for unauthenticated attackers to modify widget...

openSUSE Security Update : rhythmbox (openSUSE-SU-2012:0954-1)

This security update fixes problems in rhythmbox : - Add rhythmbox-CVE-2012-3355.patch: fix insecure temporary directory use in context plugin. bnc768681, CVE-2012-3355 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from...

Ubuntu: Security Advisory (USN-1503-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[USN-1503-1] Rhythmbox vulnerability

========================================================================== Ubuntu Security Notice USN-1503-1 July 11, 2012 rhythmbox vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: -...

USN-1503-1: Rhythmbox vulnerability

Hans Spaans discovered that the Context plugin in Rhythmbox created a temporary directory in an insecure manner. A local attacker could exploit this to execute arbitrary code as the user invoking the program. The Context plugin is disabled by default in Ubuntu...