5 matches found
[SECURITY] Fedora 37 Update: bottles-51.6-1.fc37
Easily manage Wine prefix in a new way! Run Windows software and games on Linux. Features: Create bottles based on environments (a set of rules and dependencies) for better software compatibility; Access to a customizable environment for all your experiments; Run every executable .exe/.msi in your...
WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation
The wp-dependency-installer library, used in the plugins, does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins installed on the blog. Furthermore, despite havin...
WP Dependency Installer < 4.3.1 - Arbitrary Plugin Installation from Dependency via CSRF
The wp-dependency-installer library, used in the plugins, does not have a CSRF check in its dependencyinstaller AJAX action with the install method, which could allow attackers to make a logged-in admin install plugins defined in the wp-dependencies.json via a CSRF attack. PoC: The slug has to be...
WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation
The wp-dependency-installer library, used in the plugins, does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins installed on the blog. Furthermore, despite havin...
WP Dependency Installer < 4.3.1 - Arbitrary Plugin Installation from Dependency via CSRF
The wp-dependency-installer library, used in the plugins, does not have a CSRF check in its dependencyinstaller AJAX action with the install method, which could allow attackers to make a logged-in admin install plugins defined in the wp-dependencies.json via a CSRF attack. The slug has to be presen...