24 matches found
EUVD-2024-35443
Malicious code in bioql PyPI...
EUVD-2021-34232
Malicious code in bioql PyPI...
CVE-2024-35684
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress. This issue affects ElasticPress: from n/a through <= 5.1.1...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
ElasticPress < 5.1.2 - Data Sync via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the dosync function. This makes it possible for unauthenticated attackers to sync data via a forged request granted they can trick a site administrator into performing an action such...
CVE-2024-35684
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress. This issue affects ElasticPress: from n/a through 5.1.1...
CVE-2024-35684
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress. This issue affects ElasticPress: from n/a through <= 5.1.1...
CVE-2024-35684
Technical details about CVE-2024-35684 (ElasticPress CSRF) are not publicly provided in the supplied documents. No affected versions, exploit info, or fixes are specified here; monitor for official advisories.
CVE-2024-35684 WordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress. This issue affects ElasticPress: from n/a through <= 5.1.1...
CVE-2024-35684 WordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in 10up ElasticPress elasticpress. This issue affects ElasticPress: from n/a through <= 5.1.1...
WordPress plugin ElasticPress Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request...
PT-2024-26632 · 10Up · Elasticpress
Name of the Vulnerable Software and Affected Versions: ElasticPress versions prior to 5.1.1. Description: A Cross-Site Request Forgery (CSRF) issue affects 10up ElasticPress, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For versions...
WordPress ElasticPress plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery (CSRF) vulnerability discovered by Ananda Dhakal (Patchstack) in WordPress Plugin ElasticPress versions <= 5.1.1...
WordPress ElasticPress Plugin <= 5.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: ElasticPress; Type: Plugin; Vulnerable versions: <= 5.1.1; Fixed in: 5.1.2; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-35684; Patch priority: Low; CVSS severity: Low (4.3); Developer: 10up; PSID: fbb3d18344c4; Credits: Ananda Dhakal (Patchstack); Required...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
Cross site request forgery (CSRF)
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to CSRF in versions up to and including 3.5.3 due to missing or incorrect nonce validation in the epio_send_autosuggest_allowed() function. This allows unauthenticated attackers to submit autosuggest parameters to elasticpress.io via forged requ...
CVE-2021-4405 ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
CVE-2021-4405 ElasticPress <= 3.5.3 - Cross-Site Request Forgery Bypass
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function. This makes it possible for unauthenticated attackers to send allowed paramete...