7 matches found
EUVD-2024-48347
Malicious code in bioql PyPI...
CVE-2024-7422
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings function. This makes it possible for unauthenticated attackers to update the theme's...
CVE-2024-7422
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings function. This makes it possible for unauthenticated attackers to update the theme's...
CVE-2024-7422 Theme My Login <= 7.1.7 - Cross-Site Request Forgery to Settings Update
The Theme My Login plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.1.7. This is due to missing or incorrect nonce validation on the tml_admin_save_ms_settings function. This makes it possible for unauthenticated attackers to update the theme's...
CVE-2024-7422
CVE-2024-7422 (Theme My Login for WordPress) is a CSRF vulnerability in the Theme My Login plugin that affects multi-site WordPress installations. It arises from missing or incorrect nonce validation in the tml_admin_save_ms_settings() function, enabling an unauthenticated attacker to forge a req...
Ultimate Dashboard < 3.7.11 - Login Page Disclosure on Multi-site
Description: The plugin is vulnerable to secret login page disclosure, allowing unauthenticated attackers to discover the secret login page URL on multi-site instances...
TS Webfonts for さくらのレンタルサーバ < 3.1.1 - Admin+ Stored Cross-Site Scripting
Description: The plugin does not sanitise and escape some parameters, which could allow users with a role of Admin to perform Cross-Site Scripting attacks, for example on multisite instances...