22 matches found
EUVD-2020-5030
Malware in sbrugna...
CVE-2022-3911
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
WordPress iubenda All-in-one Compliance for GDPR / CCPA Cookie Consent Plugin < 3.3.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:iubenda:iubenda-cookie-law-solution"; if description...
DRUPAL-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...
Iubenda Integration - Moderately critical - Cross Site Scripting - SA-CONTRIB-2023-016
The Iubenda Integration module provides a custom block to provide a link to the Iubenda privacy policy. On this block, a custom prefix and suffix text can be entered. The module does not sufficiently filter the block text fields on output, resulting in a Cross-Site Scripting XSS vulnerability. Th...
VulnCheck KEV: CVE-2022-3911
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any...
CVE-2022-3911
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
CVE-2022-3911
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
Cross site request forgery (csrf)
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
CVE-2022-3911 iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
CVE-2022-3911
CVE-2022-3911 affects the iubenda WordPress plugin prior to version 3.3.3. The vulnerability arises from missing authorization and CSRF protection in a plugin AJAX action and from not ensuring that updated options belong to the plugin when they are arrays. As a result, any authenticated user (e.g...
CVE-2022-3911 iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin
The iubenda WordPress plugin before 3.3.3 does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges,...
WordPress plugin iubenda security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2023-13697 · WordPress · Iubenda Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: iubenda WordPress plugin versions prior to 3.3.3 Description: The issue affects the iubenda WordPress plugin, where a lack of authorization and CSRF protection in an AJAX action, combined with insufficient validation of options to be updated,...
iubenda < 3.3.3 - Subscriber+ Privileges Escalation to Admin
The plugin does not have authorisation and CSRF in an AJAX action, and does not ensure that the options to be updated belong to the plugin as long as they are arrays. As a result, any authenticated users, such as subscriber can grant themselves any privileges, such as editplugins etc PoC Run...
WordPress iubenda-cookie-law-solution plugin input validation error vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. iubenda-cookie-law-solution is a plugin that supports customizing cookie banners and managing cookie consent. A security vulnerability...
CVE-2020-12742
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols...
CVE-2020-12742
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols...
Code injection
The iubenda-cookie-law-solution plugin before 2.3.5 for WordPress does not restrict URL sanitization to http protocols...
CVE-2020-12742
The CVE concerns the WordPress plugin iubenda-cookie-law-solution prior to version 2.3.5, where URL sanitization is not restricted to http protocols. Affected: iubenda-cookie-law-solution plugin for WordPress (pre-2.3.5). Root cause: improper input validation of URLs during sanitization. Document...