EUVD-2022-42526

Malicious code in bioql PyPI...

CVE-2022-3097

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...

CVE-2022-3097

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...

Cross site request forgery (csrf)

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...

WordPress plugin LBStopAttack 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

PT-2022-20426 · WordPress · Lbstopattack

Name of the Vulnerable Software and Affected Versions: Plugin LBstopattack WordPress plugin versions prior to 1.1.3 Description: The issue allows attackers to conduct CSRF attacks because the plugin does not use nonces when saving its settings. This could enable attackers to disable the plugin's...

CVE-2022-3097 LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

The Plugin LBstopattack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...

CVE-2022-3097

CVE-2022-3097 affects the WordPress plugin LBstopattack, specifically versions prior to 1.1.3. The root cause is that the plugin does not use nonces when saving its settings, enabling CSRF attacks that could disable the plugin’s protections. The vulnerability is documented across multiple sources...

WordPress LBStopAttack plugin <= 1.1.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability leading to Arbitrary Settings Update discovered by Daniel Ruf in WordPress LBStopAttack plugin versions = 1.1.2. Solution Update the WordPress LBstopattack plugin to the latest available version at least 1.1.3...

LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF

The plugin does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections. PoC...