110 matches found
CVE-2024-2968
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
EUVD-2020-21938
Malware in sbrugna...
EUVD-2004-0274
Malware in sbrugna...
EUVD-2024-27909
Malicious code in bioql PyPI...
EUVD-2024-27908
Malicious code in bioql PyPI...
Malicious code in eggdrop (npm)
The package eggdrop was found to contain malicious code...
MAL-2025-19248 Malicious code in eggdrop (npm)
The package eggdrop was found to contain malicious code...
CVE-2020-29576
The official eggdrop Docker images before 1.8.4rc2 contain a blank password for a root user. Systems using the Eggdrop Docker container deployed by affected versions of the Docker image may allow an remote attacker to achieve root access with a blank password...
WordPress WP-Eggdrop plugin <= 0.1 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Benedictus Jovan in WordPress Plugin WP-Eggdrop versions = 0.1...
WordPress WP-Eggdrop Plugin <= 0.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software WP-Eggdrop Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2969 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID cd2dee04842f Credits Benedictus Jovan Required...
WordPress WP-Eggdrop plugin <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting vulnerability
Authenticated Admin+ Stored Cross-Site Scripting vulnerability discovered by Benedictus Jovan in WordPress Plugin WP-Eggdrop versions = 0.1...
CVE-2024-2969
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-2968
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
CVE-2024-2969
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-2969 WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-2969 WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update
The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...
CVE-2024-2968 WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting
The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
WordPress WP-Eggdrop Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)
Software WP-Eggdrop Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2968 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 803cdc78c1d9 Credits Benedictus Jovan Required privile...
WordPress Plugin WP-Eggdrop 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Plugin WP-Eggdrop 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...