14 matches found
EUVD-2021-11717
Malware in sbrugna...
CVE-2021-4408
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the updateanswer function. This makes it possible for unauthenticated attackers to update answers to questions...
CVE-2021-4408
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the updateanswer function. This makes it possible for unauthenticated attackers to update answers to questions...
CVE-2021-4408
The CVE-2021-4408 entry concerns the DW Question & Answer plugin for WordPress. A Cross-Site Request Forgery flaw exists in versions up to and including 1.5.8 due to missing or incorrect nonce validation in the update_answer() function, enabling unauthenticated attackers to update answers to ques...
CVE-2021-4408 DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the updateanswer function. This makes it possible for unauthenticated attackers to update answers to questions...
CVE-2021-4408 DW Question & Answer <= 1.5.8 - Cross-Site Request Forgery Bypass
The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the updateanswer function. This makes it possible for unauthenticated attackers to update answers to questions...
PT-2023-12520 · WordPress · Dw Question & Answer Pro
Name of the Vulnerable Software and Affected Versions: DW Question & Answer plugin for WordPress versions up to, and including, 1.5.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the update answer function. This allows...
CVE-2021-24805
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not properly check for CSRF in some of its functions, allowing attackers to make logged in users perform unwanted actions, such as update a comment or a question status...
CVE-2021-24800
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments...
CVE-2021-24800 DW Question & Answer Pro <= 1.3.4 - Arbitrary Comment Edition via IDOR
The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments...
WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Multiple Cross-Site Request Forgery (CSRF) vulnerabilities
Multiple Cross-Site Request Forgery CSRF vulnerabilities were discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions = 1.3.4. Solution No patched version is available...
WordPress DW Question & Answer Pro premium plugin <= 1.3.4 - Arbitrary Comment Edition via IDOR vulnerability
Arbitrary Comment Edition via IDOR vulnerability discovered by Brandon Roldan in WordPress DW Question & Answer Pro premium plugin versions = 1.3.4. Solution No patched version is available...
WordPress DW Question Answer 1.4.2.2 Cross Site Scripting
FULL DISCLOSURE Product : DW Question Answer Exploit Author : Rahul Pratap Singh Version : 1.4.2.2 Home page Link : https://wordpress.org/plugins/dw-question-answer/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 11/3/2016 XSS Vulnerability:...
DW Question & Answer <= 1.4.2.2 - Stored Cross-Site Scripting (XSS)
The DW Question & Answer WordPress plugin was affected by a Stored Cross-Site Scripting XSS security vulnerability...