6 matches found
CVE-2026-4325
A flaw was found in Keycloak. The SingleUseObjectProvider, a global key-value store, lacks proper type and namespace isolation. This vulnerability allows an attacker to delete arbitrary single-use entries, which can enable the replay of consumed action tokens, such as password reset links. This...
EUVD-2024-53106
Malicious code in bioql PyPI...
CVE-2022-0141 Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
The Visual Form Builder WordPress plugin before 3.0.8 does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks...
WordPress Visual Form Builder plugin <= 3.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Entries Deletion/Restoration
Cross-Site Request Forgery CSRF vulnerability leading to Entries Deletion/Restoration discovered by Vishnupriya Ilango in WordPress Visual Form Builder plugin versions = 3.0.7. Solution Update the WordPress Visual Form Builder plugin to the latest available version at least 3.0.8...
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks PoC Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries=trash=2 Since entry permanent deletion:...
Visual Form Builder < 3.0.8 - Entries Deletion/Restoration via CSRF
The plugin does not enforce nonce checks which could allow attackers to make a logged in admin or editor delete and restore arbitrary form entries via CSRF attacks Single entry trash: https://example.com/wp-admin/admin.php?page=vfb-entries&action=trash&entry=2 Since entry permanent deletion:...