18 matches found
EUVD-2024-47308
Malicious code in bioql PyPI...
EUVD-2023-50446
Malicious code in bioql PyPI...
CVE-2024-6168
The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality...
CVE-2023-46203
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Custom Fields: from n/a through 3.3.2...
CVE-2023-46203
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Custom Fields: from n/a through 3.3.2...
CVE-2023-46203 WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Custom Fields: from n/a through 3.3.2...
CVE-2023-46203 WordPress Just Custom Fields plugin <= 3.3.2 - Broken Access Control vulnerability
Missing Authorization vulnerability in JustCoded / Alex Prokopenko Just Custom Fields allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Just Custom Fields: from n/a through 3.3.2...
WordPress plugin Just Custom Fields security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Just Custom Fields plugin <= 3.3.2 - Cross-Site Request Forgery via AJAX actions vulnerability
Cross-Site Request Forgery via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions <= 3.3.2...
WordPress Just Custom Fields plugin <= 3.3.2 - Missing Authorization via AJAX actions vulnerability
Missing Authorization via AJAX actions vulnerability discovered by Francesco Carlucci in WordPress Plugin Just Custom Fields versions <= 3.3.2...
CVE-2024-6168
The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on several AJAX functions. This makes it possible for unauthenticated attackers to invoke this functionality...
CVE-2024-6167
The Just Custom Fields plugin for WordPress is vulnerable to unauthorized access of functionality due to a missing capability check on several AJAX functions in all versions up to, and including, 3.3.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to...
WordPress plugin Just Custom Fields security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress Just Custom Fields Plugin <= 3.3.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Just Custom Fields; Type: Plugin; Vulnerable versions: <= 3.3.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-6168; Patch priority: Low; CVSS severity: Low (4.3); PSID: 9fc0b88e6af6; Credits: Francesco Carlucci...
PT-2024-37428 · WordPress · Just Custom Fields
Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on several AJAX functions. This allows unauthenticat...
PT-2024-37427 · WordPress · Just Custom Fields
Name of the Vulnerable Software and Affected Versions: The Just Custom Fields plugin for WordPress versions up to, and including, 3.3.2. Description: The issue allows authenticated attackers with Subscriber-level access and above to invoke functionality intended for admin users due to a missing...
WordPress plugin Just Custom Fields security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
Just Custom Fields <= 3.3.2 - Cross-Site Request Forgery on AJAX Actions
Description: The Just Custom Fields plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on multiple AJAX actions. This makes it possible for unauthenticated attackers to create, modify, a...