Watermark RELOADED <= 1.3.5 - Cross-Site Request Forgery via optionsPage

Description The Watermark RELOADED plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.5. This is due to missing or incorrect nonce validation on the 'optionsPage' function. This makes it possible for unauthenticated attackers to update plugin...

CVE-2021-34637

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the /php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5...

Cross site request forgery (csrf)

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the /php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5...

CVE-2021-34637 Post Index <= 0.7.5 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Post Index WordPress plugin is vulnerable to Cross-Site Request Forgery via the OptionsPage function found in the /php/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.5...

CVE-2021-34637

The CVE-2021-34637 item applies to the WordPress Post Index plugin, affected through CSRF via the OptionsPage in php/settings.php, with vulnerable versions up to 0.7.5. Public references describe an attacker who can inject arbitrary web scripts, resulting in stored XSS, via a CSRF flaw. Connected...

WordPress 插件 跨站请求伪造漏洞

WordPress Plugin is an open source application plugin for WordPress. A security vulnerability exists in the WordPress plugin, which stems from the vulnerability to cross-site request forgery via the OptionsPage function in the php settings.php file, which allows an attacker to inject arbitrary we...