13 matches found
EUVD-2021-11890
Malware in sbrugna...
CVE-2021-24978
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
WordPress OSMapper plugin cross-site request forgery vulnerability
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site request forgery vulnerability exists in the...
CVE-2021-24978
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
CVE-2021-24978
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
Cross site request forgery (csrf)
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
CVE-2021-24978
CVE-2021-24978 concerns the OSMapper WordPress plugin (versions ≤ 2.1.5). The vulnerability arises from an AJAX action used to delete a plugin-related post type named “map” that is registered with the wp_ajax_nopriv prefix, making it accessible to unauthenticated users. There is no authorization,...
CVE-2021-24978 OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
The OSMapper WordPress plugin through 2.1.5 contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete ...
WordPress plugin OSMapper 安全漏洞
WordPress is the Wordpress Foundation's set of blogging platform developed using the PHP language . The platform supports PHP and MySQL servers to set up a personal blog site.WordPress plugin is a WordPress open source application plugin . A cross-site request forgery vulnerability exists in the...
PT-2022-9544 · WordPress · Osmapper Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: OSMapper WordPress plugin versions 2.1.5 and earlier Description: The issue allows unauthenticated users to delete arbitrary posts from a blog due to an AJAX action in the OSMapper WordPress plugin that lacks authorization, CSRF checks, and...
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...
OSMapper <= 2.1.5 - Unauthenticated Arbitrary Post Deletion
The plugin contains an AJAX action to delete a plugin related post type named 'map' and is registered with the wpajaxnopriv prefix, making it available to unauthenticated users. There is no authorisation, CSRF and checks in place to ensure that the post to delete is a map one. As a result,...
WordPress OSMapper plugin <= 2.1.5 - Unauthenticated Arbitrary Post Deletion vulnerability
Unauthenticated Arbitrary Post Deletion vulnerability discovered by dc11 in WordPress OSMapper plugin versions = 2.1.5. Solution Deactivate and delete. This plugin has been closed as of February 15, 2022 and is not available for download. This closure is temporary, pending a full review...