25 matches found
EUVD-2019-10588
Malware in sbrugna...
EUVD-2022-42648
Malicious code in bioql PyPI...
EUVD-2023-30333
Malicious code in bioql PyPI...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2023-40662
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Jonk @ Follow me Darling Cookies and Content Security Policy.This issue affects Cookies and Content Security Policy: from n/a through 2.15...
CVE-2023-41131
Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...
CVE-2023-41131
CVE-2023-41131 refers to a CSRF vulnerability in the WordPress plugin Sptify Play Button for WordPress (Jonk @ Follow me Darling Sp tify Play Button) affecting versions
CVE-2023-41131 WordPress Sp*tify Play Button for WordPress Plugin <= 2.10 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery CSRF vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.10 versions...
PT-2023-27815 · WordPress · Jonk @ Follow Me Darling Sp*Tify Play Button
Name of the Vulnerable Software and Affected Versions: Jonk @ Follow me Darling Sptify Play Button for WordPress plugin versions = 2.10 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performi...
CVE-2023-26536
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.05 versions...
CVE-2023-26536
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.05 versions...
Cross site scripting
Auth. contributor+ Cross-Site Scripting XSS vulnerability in Jonk @ Follow me Darling Sptify Play Button for WordPress plugin = 2.05 versions...
CVE-2023-26536
CVE-2023-26536 affects the WordPress plugin “Jonk @ Follow me Darling Sptify Play Button for WordPress” (Sp tify Play Button) up to version 2.05. The issue is an authenticated stored XSS via shortcode attributes (contributor+ required) that can output malicious scripts. Patch available in version...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
Cross site request forgery (csrf)
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2022-3240
The CVE-2022-3240 entry concerns WordPress plugin Follow Me Plugin (versions ≤ 3.1.1). Root cause: missing nonce validation on FollowMeIgniteSocialMedia_options_page() enables CSRF, allowing unauthenticated attackers to alter plugin settings and inject JavaScript; WPVulnDB also notes potential St...
CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting
The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...