29 matches found
EUVD-2023-31221
Malicious code in bioql PyPI...
EUVD-2023-56822
Malicious code in bioql PyPI...
CVE-2025-47529
Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin experto-cta-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Experto CTA Widget – Call To Action, Sticky CTA, Floating...
CVE-2023-52149
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
CVE-2023-27445
Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...
CVE-2024-44018 WordPress Instant Chat WP plugin <= 1.0.5 - Local File Inclusion vulnerability
Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in istmoplugins Instant Chat Floating Button for WordPress Websites instant-chat-wp allows PHP Local File Inclusion.This issue affects Instant Chat Floating Button for WordPress Websites: from n/a through =...
WordPress plugin Instant Chat Floating Button for WordPress Websites 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A path traversal vulnerability exists in...
CVE-2023-52149
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
CVE-2023-52149
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
CVE-2023-52149 WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
CVE-2023-52149 WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Wow-Company Floating Button.This issue affects Floating Button: from n/a through 6.0...
CVE-2023-52149
CVE-2023-52149 is a CSRF in the Floating Button plugin (Wow-Company) affecting versions up to 6.0. Exploitation relies on CSRF via the plugin’s process_bulk_action, enabling unauthorized actions on affected sites. Patch/mitigation: upgrade to 6.0 or apply the vendor patch as indicated in the vuln...
WordPress Plugin Floating Button Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
PT-2024-14438 · Wow Company · Wow-Company Floating Button
Name of the Vulnerable Software and Affected Versions: Wow-Company Floating Button versions n/a through 6.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
Floating Button < 6.0.1 - Cross-Site Request Forgery via process_bulk_action
Description The Floating Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.0. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to process bulk...
WordPress Floating Button Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software Floating Button Type Plugin Vulnerable versions = 6.0 Fixed in 6.0.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-52149 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 33e4d5b87e73 Credits Skalucy Required...
CVE-2023-27445
Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...
CVE-2023-27445
Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Meril Inc. Blog Floating Button plugin = 1.4.12 versions...