
4 matches found

Cvelist
added 2024/11/06 4:48 p.m., 21 views

CVE-2024-10318 NGINX OpenID Connect Vulnerability

A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login time. This flaw allows an attacker to fix a victim's session to an attacker-controlled account. As a result, although the attacker cannot log in as the victim, they...

CVSS: 5.4, EPSS: 0.01062
Exploits: 0, References: 1
CNVD
added 2022/10/12 12:0 a.m., 14 views

WordPress Simple File List cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple File List versions prior to 4.4.12 are vulnerable to cross-site request forgery, which stems...

CVSS: 6.5, AI score: 1.1, EPSS: 0.00194
Exploits: 2, References: 1
CNVD
added 2022/01/26 12:0 a.m., 20 views

WordPress Simple Download Monitor plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in versions of the WordPress plugin Simple Download Monitor prior to 3.9.9, which...

CVSS: 6.8, AI score: 3.2, EPSS: 0.00109
Exploits: 2, Affected Software: 1
Packet Storm
added 2010/08/26 12:0 a.m., 31 views

Mod-X Cross Site Request Forgery / Cross Site Scripting

Got bored and decided to break the new website of the company I work for. Throughout I'll be dropping two new exploits that were chained to allow the changing of the administrative password of a default mod-x install. This is not a full review of mod-x, my main goal was just to break something, s...

AI score: 0.7
Exploits: 0