13 matches found
EUVD-2022-25172
Malicious code in bioql PyPI...
CVE-2022-1900
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
WordPress plugin Copify cross-site request forgery vulnerability
WordPress is a blogging platform developed in the PHP language. A cross-site request forgery vulnerability exists in the WordPress plugin Copify 1.3.0 and prior versions, which stems from a lack of nonce validation on the CopifySettings page. An attacker could exploit this...
CVE-2022-1900
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
CVE-2022-1900
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
Cross-site request forgery (CSRF)
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
CVE-2022-1900 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
CVE-2022-1900 Copify <= 1.3.0 - Cross-Site Request Forgery to Cross-Site Scripting
The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious web...
CVE-2022-1900
The CVE-2022-1900 issue affects the Copify plugin for WordPress (versions up to 1.3.0). Root cause: missing nonce validation on the CopifySettings page, enabling CSRF. Impact: unauthenticated attackers could update plugin settings and inject malicious scripts via forged requests if a site adminis...
PT-2022-14179 · WordPress · Copify
Name of the Vulnerable Software and Affected Versions: Copify plugin for WordPress versions up to, and including, 1.3.0 Description: The issue is due to missing nonce validation on the CopifySettings page, making it possible for unauthenticated attackers to update the plugin's settings and inject...
WordPress plugin Copify cross-site request forgery vulnerability
WordPress is a blogging platform developed in the PHP language. A cross-site request forgery vulnerability exists in the WordPress plugin Copify 1.3.0 and prior versions, which stems from a lack of nonce validation on the CopifySettings page. An attacker could exploit this...
Copify <= 1.3.0 - Stored Cross-Site Scripting via CSRF
The plugin does not have a CSRF check when updating its settings, and it is also missing sanitisation as well as escaping in some of them. This could allow attackers to make a logged-in admin update them and put Stored Cross-Site Scripting payloads in them...
WordPress Copify plugin <= 1.3.0 - Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS)
Cross-Site Request Forgery (CSRF) vulnerability to Cross-Site Scripting (XSS) was discovered by Yuki Hoshi Cryptography Laboratory in Tokyo Denki University in the WordPress Copify plugin (versions <= 1.3.0). Solution: Deactivate and delete. This plugin has been closed as of May 27, 2022 and is not...