EUVD-2020-4160

Malware in sbrugna...

PT-2025-21512 · WordPress · Javascript Logic

Name of the Vulnerable Software and Affected Versions: JavaScript Logic WordPress plugin versions 0.1 and earlier Description: The issue concerns a lack of CSRF check in some areas of the plugin, along with missing sanitization and escaping. This could allow attackers to make logged-in admins add...

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

SUSE-SU-2018:3247-1 Security update for MozillaThunderbird

This update for MozillaThunderbird to version 60.2.1 fixes the following issues: Update to Thunderbird 60.2.1: Calendar: Default values for the first day of the week and working days are now derived from the selected datetime formatting locale Calendar: Switch to a Photon-style icon set for all...