17 matches found
EUVD-2021-11143
Malware in sbrugna...
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
CVE-2021-24229
The Jetpack Scan team identified a Reflected Cross-Site Scripting via the patreonsaveattachmentpatreonlevel AJAX action of the Patreon WordPress plugin before 1.7.2. This AJAX hook is used to update the pledge level required by Patreon subscribers to access a given attachment. This action is...
WordPress Patreon WordPress plugin <= 1.9.0 - Image Protection Bypass vulnerability
Image Protection Bypass vulnerability discovered by MCboyIR Patchstack Alliance in WordPress Plugin Patreon WordPress versions = 1.9.0...
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24230
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite t...
CVE-2021-24228
The Jetpack Scan team identified a Reflected Cross-Site Scripting in the Login Form of the Patreon WordPress plugin before 1.7.2. The WordPress login form wp-login.php is hooked by the plugin and offers to allow users to authenticate on the site using their Patreon account. Unfortunately, some of...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
CVE-2021-24227
The Jetpack Scan team identified a Local File Disclosure vulnerability in the Patreon WordPress plugin before 1.7.0 that could be abused by anyone visiting the site. Using this attack vector, an attacker could leak important internal files like wp-config.php, which contains database credentials a...
Cross site request forgery (csrf)
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged administrator disconnect the site from Patreon by visiting a specially crafted link...
Cross site request forgery (csrf)
The Jetpack Scan team identified a Cross-Site Request Forgery vulnerability in the Patreon WordPress plugin before 1.7.0, allowing attackers to make a logged in user overwrite or create arbitrary user metadata on the victim’s account once visited. If exploited, this bug can be used to overwrite t...
CVE-2021-24229
Patreon WordPress plugin prior to 1.7.2 is affected by a Reflected Cross-Site Scripting vulnerability in the patreon_save_attachment_patreon_level AJAX action. The issue arises because one parameter used by this AJAX endpoint is not sanitized before being echoed back to the user, and the action i...
CVE-2021-24228
Patreon WordPress Plugin
CVE-2021-24227
Patreon WordPress plugin
WordPress 插件 跨站请求伪造漏洞
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site request forgery vulnerability exists in Patreon WordPress versions prior to 1.7.0. An attacker can exploit this vulnerability by tricking an administrator into visiting...
WordPress 插件 跨站脚本漏洞
Patreon is a subscription-based crowdfunding platform and Patreon WordPress is a WordPress plugin for the platform. A cross-site scripting vulnerability exists in the login form in Patreon WordPress versions prior to 1.7.2. An attacker can exploit this vulnerability to conduct cross-site scriptin...