6 matches found
EUVD-2023-12780
Malicious code in bioql PyPI...
CVE-2023-0763
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack...
CVE-2023-0763 Clock In Portal <= 2.1 - Holidays Deletion via CSRF
The Clock In Portal- Staff & Attendance Management WordPress plugin through 2.1 does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack...
PT-2023-16511 · WordPress · Clock In Portal- Staff & Attendance Management
Name of the Vulnerable Software and Affected Versions: The Clock In Portal- Staff & Attendance Management WordPress plugin versions 2.1 and earlier Description: The issue is related to the lack of a CSRF check when deleting holidays, which could allow attackers to make logged-in admins delete...
Clock In Portal <= 2.1 - Holidays Deletion via CSRF
The plugin does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack PoC Make a logged in admin open a page with the code below, this will make them delete the Holiday with ID 1...
Clock In Portal <= 2.1 - Holidays Deletion via CSRF
The plugin does not have CSRF check when deleting Holidays, which could allow attackers to make logged in admins delete arbitrary holidays via a CSRF attack Make a logged in admin open a page with the code below, this will make them delete the Holiday with ID 1...