10 matches found
CVE-2026-32742 Parse Server session creation endpoint allows overwriting server-generated session fields
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.17 and 8.6.42, an authenticated user can overwrite server-generated session fields sessionToken, expiresAt, createdWith when creating a session object via POST...
EUVD-2021-11711
Malware in sbrugna...
CVE-2021-24799
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress Far Future Expiry Header plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's set of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers.The WordPress Far Future Expiry Header plugin is vulnerable to cross-site request forgery, which stems from the lack of a vali...
CVE-2021-24799
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2021-24799
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
Cross site request forgery (csrf)
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2021-24799
The CVE-2021-24799 entry concerns the WordPress plugin Far Future Expiry Header (versions
CVE-2021-24799 Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF
The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
WordPress Far Future Expiry Header plugin <= 1.4 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability discovered by apple502j in WordPress Far Future Expiry Header plugin versions = 1.4. Solution Update the WordPress Far Future Expiry Header plugin to the latest available version...