104 matches found
WordPress Comment Info Detector plugin cross-site request forgery vulnerability
WordPress Comment Info Detector plugin is a WordPress plugin for displaying commenter browser and operating system information, developed by Kyle Baker. The WordPress Comment Info Detector plugin suffers from a cross-site request forgery vulnerability that stems from the options.php file not...
EUVD-2019-6959
Malware in sbrugna...
EUVD-2021-11316
Malware in sbrugna...
EUVD-2002-1120
Malware in sbrugna...
EUVD-2007-4138
Malware in sbrugna...
EUVD-2022-2783
Malicious code in bioql PyPI...
CVE-2025-10311
CVE-2025-10311 affects the WordPress plugin Comment Info Detector (versions
CVE-2025-9896
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...
CVE-2025-9896 HidePost <= 2.3.8 - Cross-Site Request Forgery
The HidePost plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.8. This is due to missing or incorrect nonce validation on the options.php settings page. This makes it possible for unauthenticated attackers to modify plugin settings via a...
Linux Distros Unpatched Vulnerability : CVE-2019-7345
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Self - Stored Cross Site Scripting XSS exists in ZoneMinder through 1.32.3, as the view 'options' options.php does no input validation for the WEBTITLE, HOMEURL...
VulnCheck KEV: CVE-2024-11680
ProjectSend contains an improper authentication vulnerability that allows a remote, unauthenticated attacker to enable unauthorized modification of the application's configuration via crafted HTTP requests to options.php. Successful exploitation allows attackers to create accounts, upload...
Better Anchor Links <= 1.7.5 - Cross-Site Request Forgery via admin/options.php
Description The Better Anchor Links plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.5. This is due to missing or incorrect nonce validation on the admin/options.php file. This makes it possible for unauthenticated attackers to update the...
CVE-2022-4631
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. ...
CVE-2022-4631 WP-Ban ban-options.php cross site scripting
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. ...
CVE-2022-4631 WP-Ban ban-options.php cross site scripting
A vulnerability, which was classified as problematic, was found in WP-Ban. Affected is an unknown function of the file ban-options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The name of the patch is 22b925449c84faa9b7496abe4f8f5661cb5eb3bf. ...
CVE-2021-4252
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function togglecheckbox of the file ban-options.php. The manipulation of the argument $SERVER"HTTPUSERAGENT" leads to cross site scripting. The attack may be initiated remotely. The name of the...
CVE-2021-4252
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function togglecheckbox of the file ban-options.php. The manipulation of the argument $SERVER"HTTPUSERAGENT" leads to cross site scripting. The attack may be initiated remotely. The name of the...
CVE-2021-4252 WP-Ban ban-options.php toggle_checkbox cross site scripting
A vulnerability, which was classified as problematic, has been found in WP-Ban. This issue affects the function togglecheckbox of the file ban-options.php. The manipulation of the argument $SERVER"HTTPUSERAGENT" leads to cross site scripting. The attack may be initiated remotely. The name of the...
GHSA-599G-R6X7-JM4X WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionposttypepage parameter to wp-admin/options.php...
GHSA-V9H6-53FX-GH4J WPGlobus plugin Stored XSS & CSRF security vulnerability
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobusoptionbrowserredirectredirectbylanguage parameter to wp-admin/options.php...