WordPress Publish Confirm Message Plugin <= 1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Publish Confirm Message | Type: Plugin | Vulnerable versions: <= 1.3.1 | Fixed in: 2.0 | OWASP Top 10: A2 Broken Authentication | Classification: Cross Site Request Forgery (CSRF) | CVE: CVE-2023-32124 | Patch priority: Low | CVSS severity: Low (4.3) | Developer: not listed | PSID: 8e7992d754f6 | Credits: Taihei...
WordPress Corsa Theme <= 1.5 is vulnerable to Arbitrary File Upload
Software: Corsa | Type: Theme | Vulnerable versions: <= 1.5 | Fixed in: N/A | OWASP Top 10: A2 Broken Authentication | Classification: Arbitrary File Upload | CVE: CVE-2023-23970 | Patch priority: High | CVSS severity: High (9.9) | Developer: not listed | PSID: 4cf947f86882 | Credits: Dave Jong (Patchstack) | Required privilege...
WakaTime: Broken Authentication and session management OWASP A2
Hi, Security Team! I found a vulnerability on https://wakatime.com/ Steps To Reproduce: 1. First, log in to the account; the website will create a session for the current login. 2. Copy all cookies and paste them into Notepad. 3. Log out of your account. 4. Open your Chrome browser and right-click on the bookmark ba...
Liberapay: Broken Authentication and session management OWASP A2
Hello @liberapay, Description: It seems that if an attacker has the CSRF token and the victim's cookies, then the attacker can easily log in to the victim's account without any login details. No need for any username/password. Theory Proof-Of-Concept: - Go to https://liberapay.com/admin.101/edit/username any username/Self...
New Relic: Broken Authentication and session management OWASP A2
@honc reported an issue with session expiration. We determined that this report was invalid, and it was self-closed by the researcher. Insufficient Session Expiration vulnerability...