Lucene search

6 matches found

ATTACKERKB
added 2022/08/22 3:15 p.m., 0 views

CVE-2022-2382

The Product Slider for WooCommerce WordPress plugin before 2.5.7 has flawed CSRF checks and lacks authorisation in some of its AJAX actions, allowing any authenticated user, such as a subscriber, to call them. One in particular could allow them to delete arbitrary blog options...

CVSS 4.3, AI score 6, EPSS 0.00097
Exploits: 2, References: 2
Cvelist
added 2022/06/13 4:50 a.m., 15 views

CVE-2022-27174

Cross-site request forgery (CSRF) vulnerability in Easy Blog for EC-CUBE4 Ver.1.0.1 and earlier allows a remote unauthenticated attacker to hijack the authentication of the administrator and delete a blog article or a category via a specially crafted page...

AI score 5.2, EPSS 0.00151
Exploits: 0, References: 2
OSV
added 2022/03/21 7:15 p.m., 1 views

CVE-2022-0229

The miniOrange's Google Authenticator WordPress plugin before 5.5 does not have proper authorisation and CSRF checks when handling the reconfigureMethod, and does not validate the parameters passed to it properly. As a result, unauthenticated users could delete arbitrary options from the blog,...

CVSS 8.1, AI score 7.4
Exploits: 0, References: 1
Prion
added 2009/12/21 4:30 p.m., 9 views

Cross site request forgery (csrf)

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...

CVSS 4.3, AI score 7.8, EPSS 0.00146
Exploits: 1, References: 4, Affected Software: 1
NVD
added 2009/12/21 4:30 p.m., 9 views

CVE-2009-4365

Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in ScriptsEz Ez Blog 1.0 allow remote attackers to hijack the authentication of administrators for requests that (1) add a blog via the addblog action, (2) approve a comment via the approvecomment action, (3) change administrator...

CVSS 4.3, AI score 7.2, EPSS 0.00146
Exploits: 1, References: 4
Tenable Nessus
added 2008/09/08 12:0 a.m., 24 views

Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure

The version of Simple PHP Blog installed on the remote host allows an unauthenticated, remote attacker to retrieve information about non-admin users defined to the application, including their user names and password hashes, which could in turn be used to gain access to the application. While the...

AI score 6.1
Exploits: 0