63 matches found
CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...
CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
The allows any authenticated user to join a private group due to a missing authorization check on a function...
CVE-2024-2235 Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...
CVE-2024-2233
Affected software/impact: Himer WordPress theme prior to 2.1.1 contains CSRF vulnerabilities in group-management actions (e.g., declining/accepting invitations, leaving a group). The root cause is missing CSRF checks in certain areas, enabling logged-in users to be targeted via CSRF attacks. Vers...
CVE-2024-2234
CVE-2024-2234 affects the Himer WordPress theme prior to version 2.1.1. The issue arises from insufficient sanitisation and escaping of certain Post settings, enabling Stored Cross-Site Scripting by high-privilege users (e.g., Contributors). The vulnerability is tied to the theme’s handling of po...
CVE-2024-2235 Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack...
CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
The allows any authenticated user to join a private group due to a missing authorization check on a function...
CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...
CVE-2024-2235
The CVE-2024-2235 entry concerns the Himer WordPress theme pre-2.1.1 lacking CSRF checks in multiple areas, enabling CSRF-based vote manipulation on polls (including restricted ones). Affected product: Himer WordPress theme
CVE-2024-2234 Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-2234 Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
The Himer WordPress theme before 2.1.1 does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks...
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack...
CVE-2024-2040
The connected Patchstack entry confirms a CSRF vulnerability in WordPress theme Himer prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions
PT-2024-18659 · Himer · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue is related to the lack of CSRF checks in certain areas, which could allow attackers to make users join private groups via a CSRF attack. Recommendations: For versions prior ...
WordPress Himer Theme < 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Himer Type Theme Vulnerable versions 2.1.1 Fixed in 2.1.1 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-2233 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 655236f18e54 Credits Sushmita Poudel Required privileg...
PT-2024-19355 · WordPress · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to manipulate users into voting on polls they do not have access to through a CSRF attack...
PT-2024-19343 · Himer · Himer
Name of the Vulnerable Software and Affected Versions: Himer WordPress theme versions prior to 2.1.1 Description: The issue concerns the lack of CSRF checks in certain areas, allowing attackers to perform unwanted actions on logged-in users through CSRF attacks. This includes actions such as...
WordPress theme Himer Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site request forgery vulnerability exists in WordPress theme Himer versions prior t...
WordPress theme Himer cross-site scripting vulnerability
WordPress is a blogging platform from the WordPress Foundation developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A cross-site scripting vulnerability exists in WordPress theme Himer versions prior to 2.1....