12 matches found
EUVD-2022-25106
Malicious code in bioql PyPI...
CVE-2022-1830
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
WordPress Amazon single title links plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...
CVE-2022-1830
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1830
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
Cross site scripting
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1830 Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping...
CVE-2022-1830
CVE-2022-1830 affects the WordPress plugin Amazon Einzeltitellinks (versions ≤ 1.3.3). The root cause is absence of CSRF protection when updating settings, allowing an authenticated admin to perform changes via CSRF and triggering Stored XSS due to insufficient sanitisation/escaping. Exploitation...
WordPress plugin Amazon Einzeltitellinks cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress Amazon Einzeltitellinks plugin 1.3.3 and earlier versions are vulnerable to cross-site...
Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping PoC...
WordPress Amazon Einzeltitellinks plugin <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF vulnerability
Arbitrary Settings Update to Stored XSS via CSRF vulnerability discovered by Daniel Ruf in WordPress Amazon Einzeltitellinks plugin versions <= 1.3.3. Solution: Deactivate and delete...
Amazon Einzeltitellinks <= 1.3.3 - Arbitrary Settings Update to Stored XSS via CSRF
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping ' document.getElementById"test".submit;...