8 matches found
CVE-2023-5882
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
Remote code execution
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
CVE-2023-5882 WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
CVE-2023-5882 WP All Export (Free < 1.4.1, Pro < 1.8.6) - Remote Code Execution via CSRF
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0, WP All Export Pro WordPress plugin before 1.8.6 does not check nonce tokens early enough in the request lifecycle, allowing attackers to make logged in users perform unwanted actions leading to remote code execution...
CVE-2022-4004
Affected software: Donation Button WordPress plugin, versions through 4.0.0. Vulnerability: the AJAX action donation_button_twilio_send_test_sms does not properly enforce privileges or nonce checks. Impact: any logged-in user on the site (e.g., subscribers) could use the plugin’s Twilio integrati...
Donation Button <= 4.0.0 - Subscriber+ Broken Access Control leading to SMS Spam
The plugin does not properly check for privileges and nonce tokens in its "donationbuttontwiliosendtestsms" AJAX action, which may allow any users with an account on the affected site, like subscribers, to use the plugin's Twilio integration to send SMSes to arbitrary phone numbers. PoC While...
EulerOS 2.0 SP3 : squid (EulerOS-SA-2021-1852)
According to the versions of the squid packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid 2.x, 3.x, and 4.x through 4.8. Due to incorrect data management, it is vulnerable to information disclosure when...
squid -- Vulnerable to HTTP Digest Authentication
Squid Team reports: Problem Description: Due to incorrect data management Squid is vulnerable to a information disclosure when processing HTTP Digest Authentication. Severity: Nonce tokens contain the raw byte value of a pointer which sits within heap memory allocation. This information reduces...