2 matches found
CVE-2026-26021 Prototype pollution in set-in
set-in provides the set value of nested associative structure given array of keys. A prototype pollution vulnerability exists in the the npm package set-in =2.0.1, 2.0.5. Despite a previous fix that attempted to mitigate prototype pollution by checking whether user input contained a forbidden key...
WordPress Download Plugin Plugin <= 2.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Download Plugin Type Plugin Vulnerable versions = 2.0.4 Fixed in 2.0.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2022-36345 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8585091ec14a Credits István Márton...