349 matches found
Code injection
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
CVE-2023-43754 Permalink previews displayed for posts in archived channels even if users are disallowed to view archived channels
Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” setting is disabled...
CVE-2023-43754
Mattermost contains a vulnerability where permalink previews do not verify the setting that controls viewing archived channels. The root cause is a missing check during permalink preview generation, allowing members to see previews for archived channels even when the setting to view archived chan...
Mattermost Security Vulnerabilities
Mattermost is an open source collaboration platform from Mattermost Inc. in the United States. A security vulnerability exists in Mattermost that stems from an inability to check whether the "Allow users to view archived channels" setting is enabled during permalink preview display, allowing...
PT-2023-28966 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost (affected versions not specified). Description: The issue arises from Mattermost's failure to check if the "Allow users to view archived channels" setting is enabled when displaying permalink previews. This oversight allows members to...
WordPress Metform Elementor Contact Form Builder Plugin < 3.3.3 CSRF Vulnerability
The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wpmet:metformelementorcontactformbuilder"; if description...
CVE-2023-4108
Mattermost fails to sanitize post metadata during audit logging resulting in permalinks contents being logged...
Mattermost Log Information Disclosure Vulnerability
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. Mattermost suffers from a security vulnerability that stems from a failure to properly clean post metadata during audit logging, resulting in permalinks (permanent links) being recorded...
WordPress Premmerce Permalink Manager for WooCommerce Plugin <= 2.3.8 is vulnerable to Cross Site Scripting (XSS)
Software: Premmerce Permalink Manager for WooCommerce | Type: Plugin | Vulnerable versions: <= 2.3.8 | Fixed in: 2.3.9 | OWASP Top 10: A3: Injection | Classification: Cross Site Scripting (XSS) | CVE: CVE-2023-33999 | Patch priority: Medium | CVSS severity: Medium (7.1) | Developer: Premmerce | PSID: 3d9ba08b3dfc | Credits: Rafie...
CVE-2023-2517
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...
CVE-2023-2517
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...
CVE-2023-2517
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...
Cross site request forgery (csrf)
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...
CVE-2023-2517 Metform Elementor Contact Form Builder <= 3.3.2 - Cross-Site Request Forgery via permalink_setup
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change...
WordPress Plugin Metform Elementor Contact Form Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-2495
CVE-2023-2495 concerns the Greeklish-permalink WordPress plugin (≤ 3.3). The vulnerability arises from missing authorization/nonce checks in the cyrtrans_ajax_old AJAX action, enabling unauthenticated and low-privilege users to trigger the plugin’s slug-changing function, directly or via CSRF. Th...
CVE-2023-2495 Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
CVE-2023-2495 Greeklish-permalink < 3.5 - Unauthenticated Post Slug Update
The Greeklish-permalink WordPress plugin through 3.3 does not implement correct authorization or nonce checks in the cyrtrans_ajax_old AJAX action, allowing unauthenticated and low-privilege users to trigger the plugin's functionality to change Post slugs either directly or through CSRF...
WordPress plugin Greeklish-permalink Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Greeklish-permalink Plugin <= 3.3 is vulnerable to Privilege Escalation
Software: Greeklish-permalink | Type: Plugin | Vulnerable versions: <= 3.3 | Fixed in: N/A | OWASP Top 10: A2: Broken Authentication | Classification: Privilege Escalation | CVE: CVE-2023-2495 | Patch priority: High | CVSS severity: High (6.5) | Developer: Claim ownership | PSID: fc7e9236dbd8 | Credits: Jonas Höbenreich | Required...