6 matches found
EUVD-2021-11707
Malware in sbrugna...
CVE-2021-24795
The Filter Portfolio Gallery WordPress plugin through 1.5 lacks a Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged-in admin delete arbitrary Gallery...
Filter Portfolio Gallery <= 1.5 - Arbitrary Gallery Deletion via CSRF
The plugin lacks a Cross-Site Request Forgery (CSRF) check when deleting a Gallery, which could allow attackers to make a logged-in admin delete an arbitrary Gallery. PoC: https://example.com/wp-admin/admin.php?page=phoenfiltergalleryid=1...
WordPress Filter Portfolio Gallery plugin <= 1.5 - Arbitrary Gallery Deletion via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Gallery Deletion via Cross-Site Request Forgery (CSRF) vulnerability discovered by Vishal Mohan in WordPress Filter Portfolio Gallery plugin versions <= 1.5. Solution: Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available for download. This closure is...
Filter Gallery < 0.0.7 - Unauthorised AJAX Calls
The plugin had a logic flaw in the CSRF checks of its AJAX calls, allowing them to be bypassed by not providing the related parameter in the request. This could allow an attacker to make logged-in users perform unwanted actions. Furthermore, the AJAX calls are also lacking capability checks, allowing any...
Multiple vulnerabilities in SimpleViewerAdmin
+++++++++++++++++++++++++++++++++++++++++++++++ Multiple vulnerabilities in SimpleViewerAdmin +++++++++++++++++++++++++++++++++++++++++++++++ Affected products: SimpleViewerAdmin v1.7, possibly earlier versions as well. +++++++++++++++++++++++++++++++++++++++++++++++ Description: SimpleViewerAdmin - ...