WordPress plugin Post Snippets 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

EUVD-2023-43883

Malicious code in bioql PyPI...

WordPress WP All Import Pro plugin < 4.9.8 - Cross-Site Request Forgery to Imported Content Deletion vulnerability

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import Pro versions 4.9.8...

WordPress WP All Import plugin <= 3.7.9 - Cross-Site Request Forgery to Imported Content Deletion

Cross-Site Request Forgery to Imported Content Deletion vulnerability discovered by ? in WordPress Plugin WP All Import versions = 3.7.9...

Royal Elementor Addons < 1.3.60 - Subscriber+ Arbitrary Import Deletion

The plugin does not have authorisation and CSRF checks when deleting imported content, which could allow any authenticated user, such as subscriber to perform such action...

CVE-2022-3679

The Starter Templates by Kadence WP WordPress plugin before 1.2.17 unserialises the content of an imported file, which could lead to PHP object injection issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...

CVE-2022-2903

The Ninja Forms Contact Form WordPress plugin before 3.6.13 unserialises the content of an imported file, which could lead to PHP object injections issues when an admin import intentionally or not a malicious file and a suitable gadget chain is present on the blog...