3 matches found
KODO Qiniu < 1.5.1 - Cross-Site Request Forgery
Description The KODO Qiniu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.5.1 exclusive. This is due to missing or incorrect nonce validation on the kodosettingpage function. This makes it possible for unauthenticated attackers to replace URLs via a forge...
WordPress KODO Qiniu Plugin <= 1.5.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software KODO Qiniu Type Plugin Vulnerable versions = 1.5.0 Fixed in 1.5.1 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE N/A Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID c3ab23e88199 Credits Unknown Required privilege...
WordPress KODO Qiniu plugin <= 1.2.5 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability discovered in WordPress KODO Qiniu plugin versions = 1.2.5. Solution Update the WordPress KODO Qiniu plugin to the latest available version at least 1.3.0...