WordPress Regenerate post permalink plugin <= 1.0.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross Site Request Forgery CSRF vulnerability discovered by Le Ngoc Anh Patchstack Alliance in WordPress Plugin Regenerate post permalink versions = 1.0.3...

WordPress Regenerate post permalink Plugin <= 1.0.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Regenerate post permalink Type Plugin Vulnerable versions = 1.0.3 Fixed in N/A OWASP Top 10 A3: Injection Classification Cross Site Request Forgery CSRF CVE CVE-2024-33681 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID f36caa416f72 Credits Le Ngoc Anh Required...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

CVE-2024-32342

A cross-site scripting XSS vulnerability in the Create Page of Boid CMS v2.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter...

PT-2024-24521 · Boidcms · Boidcms

Name of the Vulnerable Software and Affected Versions: Boid CMS version 2.1.0 Description: A cross-site scripting XSS vulnerability in the Create Page of Boid CMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Permalink parameter. Recommendations...

CVE-2024-32342

Boid CMS v2.1.0 is affected by an XSS in the Create Page, exploitable via a crafted payload to the Permalink parameter. The vulnerability arises from improper handling of input in the Create Page flow, allowing attackers to execute arbitrary scripts/HTML in the context of users viewing the affect...

CVE-2024-2738

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVE-2024-2738

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVE-2024-2543

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVE-2024-2543 Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor

The Permalink Manager Lite plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'geturieditor' function in all versions up to, and including, 2.4.3.1. This makes it possible for unauthenticated attackers to view the permalinks of all posts...

CVE-2024-2738 Permalink Manager Lite and Permalink Manager Pro <= 2.4.3.1 - Reflected Cross-Site Scripting

The Permalink Manager Lite and Pro plugins for WordPress are vulnerable to Reflected Cross-Site Scripting via the ‘s’ parameter in multiple instances in all versions up to, and including, 2.4.3.1 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticate...

CVE-2024-1308

The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalinksettingssave' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the...

CVE-2024-1308 WooCommerce Cloak Affiliate Links <= 1.0.33 - Missing Authorization to Unauthenticated Permalink Modification

The WooCommerce Cloak Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'permalinksettingssave' function in all versions up to, and including, 1.0.33. This makes it possible for unauthenticated attackers to modify the...

WordPress Plugin Permalink 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. A security...

PT-2024-20938 · WordPress · Permalink Manager Lite

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite plugin for WordPress versions up to, and including, 2.4.3.1 Description: The issue allows unauthorized access to data due to a missing capability check on the get uri editor function. This enables unauthenticated...

WordPress Plugin Permalink Manager Lite and Permalink Manager Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

PT-2024-21867 · WordPress · Permalink Manager Lite +1

Name of the Vulnerable Software and Affected Versions: Permalink Manager Lite and Pro plugins for WordPress versions up to, and including, 2.4.3.1 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter in multiple instances due to insufficient input sanitization a...