4 matches found
WordPress Widget Logic plugin <= 5.9.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability that leads to Remote Code Execution RCE found by Paul Dannewitz in WordPress Widget Logic plugin versions = 5.9.0. Solution Update the WordPress Widget Logic plugin to the latest available version at least 5.10.2...
WordPress Yet Another Stars Rating plugin <= 1.8.6 - PHP Object Injection vulnerability
PHP Object Injection vulnerability found by Paul Dannewitz in WordPress Yet Another Stars Rating plugin versions = 1.8.6. Solution Update the WordPress Yet Another Stars Rating plugin to the latest available version at least 1.8.7...
WordPress SQL Shortcode plugin <=1.1 - Authenticated SQL Execution vulnerability
Authenticated SQL Execution vulnerability found by Paul Dannewitz in WordPress SQL Shortcode plugin version 1.1 and earlier versions. This vulnerability allows users with low privileges to execute SQL. Solution SQL Shortcode plugin removed from WordPress plugin repository. Use plugin with caution...
WordPress AddToAny Share Buttons plugin <=1.7.14 - Conditional Host Header Injection vulnerability
Conditional Host Header Injection vulnerability found by Paul Dannewitz in WordPress AddToAny Share Buttons plugin. Vulnerable plugin version used Host header instead of homeurl thus allows custom Hostheader injection by crafted link, web cache poisoning and it may end up with sharing malicious...