Lucene search

1114 matches found

Prion
added 2021/07/07 1:15 p.m. · 14 views

Cross site scripting

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

6.8 CVSS · 8.2 AI score · 0.02633 EPSS
Exploits 1 · References 2 · Affected Software 1
Vulnrichment
added 2021/07/07 12:21 p.m. · 8 views

CVE-2021-34620 CSRF in WP Fluent Forms < 3.6.67 allows stored XSS and Privilege Escalation

The WP Fluent Forms plugin 3.6.67 for WordPress is vulnerable to Cross-Site Request Forgery leading to stored Cross-Site Scripting and limited Privilege Escalation due to a missing nonce check in the access control function for administrative AJAX actions...

8.2 AI score · 0.02633 EPSS
Exploits 1 · References 2
OSV
added 2021/06/14 2:15 p.m. · 4 views

CVE-2021-24354

A lack of capability checks and insufficient nonce check on the AJAX action in the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4, made it possible for authenticated users to install arbitrary plugins on vulnerable sites...

8.8 CVSS · 5.9 AI score · 0.0148 EPSS
Exploits 2 · References 2
OSV
added 2021/04/12 2:15 p.m. · 3 views

CVE-2021-24218

The wpajaxsavefbesettings and wpajaxdeletefbesettings AJAX actions of the Facebook for WordPress plugin before 3.0.4 were vulnerable to CSRF due to a lack of nonce protection. The settings in the saveFbeSettings function had no sanitization allowing for script tags to be saved...

8.8 CVSS · 5.8 AI score · 0.00699 EPSS
Exploits 2 · References 2
CNNVD
added 2021/04/12 12:0 a.m. · 7 views

WordPress plugin cross-site request forgery vulnerability

WordPress is a blogging platform from the WordPress Foundation, developed using the PHP language. The platform supports setting up a personal blog site on PHP and MySQL servers. WordPress Plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...

8.8 CVSS · 5.6 AI score · 0.00699 EPSS
Exploits 2 · References 3
Positive Technologies
added 2021/03/19 12:0 a.m. · 5 views

PT-2021-3982 · WordPress · Woocommerce Stock Manager

Name of the Vulnerable Software and Affected Versions: WooCommerce Stock Manager versions up to, and including, 2.5.7

Description: The issue is related to the implementation of the import/export functionality in the WooCommerce Stock Manager plugin for WordPress, specifically in the...

8.8 CVSS · 8.7 AI score · 0.00719 EPSS
Exploits 2 · References 6
OSV
added 2020/05/28 4:15 a.m. · 5 views

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

8.8 CVSS · 7.3 AI score · 0.00809 EPSS
Exploits 2 · References 2
CNVD
added 2020/04/23 12:0 a.m. · 6 views

WordPress data-tables-generator-by-supsystic cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. data-tables-generator-by-supsystic is a data table generator plugin used in it. A security vulnerability exists in WordPress...

9.6 CVSS · 6.5 AI score · 0.00687 EPSS
Exploits 0 · References 1
Veracode
added 2018/10/24 2:27 a.m. · 11 views

Replay Attack

auth0 is vulnerable to replay attacks. The authentication renew request does not include a nonce, which would allow an attacker to replay an old renewAuth request to obtain a valid session...

6.7 AI score
Exploits 0
CNVD
added 2017/05/22 12:0 a.m. · 6 views

WordPress Cross-Site Request Forgery Vulnerability (CNVD-2017-07305)

WordPress is a blogging platform developed using the PHP language by the WordPress Software Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site request forgery vulnerability exists in the File System Certificates dialog in WordPress version...

8.8 CVSS · 8.5 AI score · 0.01742 EPSS
Exploits 0 · References 1
OSV
added 2017/05/18 2:29 p.m. · 2 views

DEBIAN-CVE-2017-9064

In WordPress before 4.7.5, a Cross-Site Request Forgery (CSRF) vulnerability exists in the filesystem credentials dialog because a nonce is not required for updating credentials...

8.8 CVSS · 6.9 AI score · 0.01742 EPSS
Exploits 0 · References 1
OSV
added 2016/10/25 2:29 p.m. · 5 views

CVE-2016-1000032

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times...

7.5 CVSS · 5.8 AI score · 0.01332 EPSS
Exploits 0 · References 2
Prion
added 2016/10/25 2:29 p.m. · 13 views

Information disclosure

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times...

5 CVSS · 7 AI score · 0.01332 EPSS
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2016/10/25 2:0 p.m. · 20 views

CVE-2016-1000032

TGCaptcha2 version 0.3.0 is vulnerable to a replay attack due to a missing nonce allowing attackers to use a single solved CAPTCHA multiple times...

7.5 AI score · 0.01332 EPSS
Exploits 0 · References 2