EUVD-2021-11145
Malware in sbrugna...
EUVD-2021-11949
Malware in sbrugna...
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...
CVE-2021-25037
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed...
SQL injection
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed...
CVE-2021-25037
The CVE-2021-25037 entry describes an authenticated SQL injection in the WordPress plugin All In One SEO Pack, affecting versions before 4.1.5.3. Impact is disclosure of privileged data from the site database (e.g., usernames and hashed passwords) when authenticated access is present. Root-cause ...
CVE-2021-25037 All In One SEO < 4.1.5.3 - Authenticated SQL Injection
The All in One SEO WordPress plugin before 4.1.5.3 is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed...
CVE-2021-25036 All In One SEO < 4.1.5.3 - Authenticated Privilege Escalation
The All in One SEO WordPress plugin before 4.1.5.3 is affected by a Privilege Escalation issue, which was discovered during an internal audit by the Jetpack Scan team, and may grant bad actors access to protected REST API endpoints they shouldn’t have access to. This could ultimately enable users...
All In One SEO < 4.1.5.3 - Authenticated SQL Injection
The plugin is affected by an authenticated SQL injection issue, which was discovered during an internal audit by the Jetpack Scan team, and could grant attackers access to privileged information from the affected site’s database e.g., usernames and hashed passwords...
Multiple vulnerabilities in popular WordPress plugin WP Fastest Cache
Multiple vulnerabilities have been found in the popular WordPress plugin WP Fastest Cache during an internal audit by the Jetpack Scan team. Jetpack reports that it found an Authenticated SQL Injection vulnerability and a Stored Cross-Site Scripting (XSS) via Cross-Site Request Forgery (CSRF) issue. ...
CVE-2021-24231
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link...
Cross-site scripting
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
Cross-site request forgery (CSRF)
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link...
Cross-site scripting
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...
Arbitrary file deletion
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
Cross-site request forgery (CSRF)
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite t...
CVE-2021-24231 Patreon WordPress < 1.7.0 - CSRF to Disconnect Sites From Patreon
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link...
CVE-2021-24230
Vulnerability (CVE-2021-24230) is a CSRF in the Patreon WordPress plugin prior to 1.7.0. An authenticated attacker visiting a page could cause a logged-in user to overwrite or create arbitrary user metadata, specifically the wp_capabilities meta, altering the user’s roles and privileges and poten...
CVE-2021-24228 Patreon WordPress < 1.7.2 - Reflected XSS on Login Form
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24228
Patreon WordPress Plugin