9 matches found
EUVD-2020-24194
Malware in sbrugna...
CVE-2020-36753
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...
CVE-2024-35772
Cross-Site Request Forgery CSRF vulnerability in presscustomizr Hueman.This issue affects Hueman: from n/a through 3.7.24...
WordPress Hueman theme <= 3.7.24 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by Dhabaleshwar Das Patchstack Alliance in WordPress Theme Hueman versions = 3.7.24...
WordPress Hueman Theme <= 3.7.24 is vulnerable to Cross Site Request Forgery (CSRF)
Software Hueman Type Theme Vulnerable versions = 3.7.24 Fixed in 3.7.25 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-35772 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2b3848018aa3 Credits Dhabaleshwar Das Required...
CVE-2020-36753
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...
Cross site request forgery (csrf)
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...
CVE-2020-36753 Hueman <= 3.6.3 - Cross-Site Request Forgery Bypass
The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...
CVE-2020-36753
The CVE-2020-36753 entry concerns the WordPress theme Hueman. All provided sources describe a Cross-Site Request Forgery vulnerability in Hueman versions up to 3.6.3 caused by missing or incorrect nonce validation in the save_meta_box() function, allowing unauthenticated attackers to save metabox...