86 matches found
VulnCheck KEV: CVE-2023-47248
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files. This vulnerability only...
CVE-2023-49861
Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through = 2.1.3...
CVE-2023-49861 WordPress Social Media Feather plugin <= 2.1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in socialmediafeather Social Media Feather social-media-feather allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Media Feather: from n/a through = 2.1.3...
PT-2024-13825 · Unknown · Social Media Feather
Name of the Vulnerable Software and Affected Versions: Social Media Feather versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For Social Media Feath...
WordPress plugin Social Media Feather 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
CVE-2024-31923
Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...
CVE-2024-31923
CVE-2024-31923 covers a CSRF vulnerability in Feather Login Page for WordPress. The connected documents specify the issue as a Cross-Site Request Forgery via saveData() affecting Feather Login Page versions up to 1.1.5 (no exact minimum version provided in the sources). The CVSS vector in the Ini...
CVE-2024-31923 WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in PluginOps Feather Login Page.This issue affects Feather Login Page: from n/a through 1.1.5...
WordPress Plugin Feather Login Page Designer 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2024-24286 · Pluginops · Pluginops Feather Login Page
Name of the Vulnerable Software and Affected Versions: PluginOps Feather Login Page versions 1.1.5 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability in the PluginOps Feather Login Page. This type of vulnerability allows an attacker to trick a user into performi...
WordPress Feather Login Page plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Steven Julian Patchstack Alliance in WordPress Plugin Feather Login Page versions = 1.1.5...
WordPress Feather Login Page Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)
Software Feather Login Page Type Plugin Vulnerable versions = 1.1.5 Fixed in 1.1.6 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-31923 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5a2ea7b8b70e Credits Steven Julian...
Social Media Feather < 2.1.4 - Subscriber+ Unauthorised Action
Description The plugin does not have authorisation in a function, allowing any authenticated users, such as subscriber to call it...
WordPress Social Media Feather Plugin <= 2.1.3 is vulnerable to Broken Access Control
Software Social Media Feather Type Plugin Vulnerable versions = 2.1.3 Fixed in 2.1.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-49861 Patch priority Medium CVSS severity Medium 4.3 Developer Claim ownership PSID c21113708404 Credits Abdi Pranata...
PYSEC-2023-238
Deserialization of untrusted data in IPC and Parquet readers in PyArrow versions 0.14.0 to 14.0.0 allows arbitrary code execution. An application is vulnerable if it reads Arrow IPC, Feather or Parquet data from untrusted sources for example user-supplied input files...
Deserialization Of Untrusted Data
pyarrow is vulnerable to Deserialization Of Untrusted Data. The vulnerability due to the Arrow IPC, Feather or Parquet data from untrusted sources as the library does not by default disable the PyExtensionType autoloading. This allows an attacker to create PyArrow-specific extension types which...
CVE-2023-46777
A vulnerability in PluginOps Feather Login Page feather-login-page.This issue affects Feather Login Page: from n/a through = 1.1.3...
Feather Login Page < 1.1.4 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress Feather Login Page Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Feather Login Page Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-46777 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 62aa1ddd991f Credits Mika Required...
CVE-2023-2547
The Feather Login Page plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteUser' function in versions starting from 1.0.7 up to, and including, 1.1.1. This makes it possible for authenticated attackers, with subscriber-level permissions...