338 matches found
UBUNTU-CVE-2024-51485
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
CVE-2024-51485 Insufficient Validation in Plugins (Activation/Deactivation) in Ampache
Ampache is a web based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins. This vulnerability allows an attacker to exploit CSRF attacks, potentially enabling them to change...
PT-2024-34649 · Ampache · Ampache
Name of the Vulnerable Software and Affected Versions: Ampache versions prior to 7.0.1. Description: Ampache is a web-based audio/video streaming application and file manager. The current implementation of token parsing fails to properly validate CSRF tokens when activating or deactivating plugins...
Ampache Cross-Site Request Forgery Vulnerability
Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site request forgery vulnerability exists in Ampache version 7.0.1, which stems from the current token resolution implementation failing to properly validate CSRF tokens when activating or...
Exploit for Missing Authorization in Themehunk Hunk_Companion
CVE-2024-9707 Hunk Companion = 1.8.4 - Missing Authorizati...
Exploit for CVE-2023-30486
CVE-2023-30486 Square = 2.0.0 - Missing Authorization via...
CVE-2024-6987 Orchid Store <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation
The Orchid Store theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'orchidstoreactivateplugin' function in all versions up to, and including, 1.5.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Orchid Store theme <= 1.5.6 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Plugin Activation vulnerability discovered by Lucio Sá in WordPress Theme Orchid Store versions <= 1.5.6...
WordPress Pie Register plugin <= 3.8.3.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary plugin Installation and Activation/Deactivation vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary plugin Installation and Activation/Deactivation vulnerability discovered by Lucio Sá in WordPress Plugin Pie Register versions <= 3.8.3.4...
CVE-2023-51670 WordPress FunnelKit Checkout plugin <= 3.10.3 - Authenticated Arbitrary Plugin Activation vulnerability
Missing Authorization vulnerability in FunnelKit FunnelKit Checkout. This issue affects FunnelKit Checkout: from n/a through 3.10.3...
CVE-2024-32705 WordPress ARForms plugin <= 6.4 - Subscriber+ Arbitrary Plugin Activation/Deactivation Vulnerability
Missing Authorization vulnerability in reputeinfosystems ARForms arforms. This issue affects ARForms: from n/a through <= 6.4...
CVE-2023-23640 WordPress MainWP UpdraftPlus Extension Plugin <= 4.0.6 - Subscriber+ Arbitrary Plugin Activation Vulnerability
Missing Authorization vulnerability in MainWP MainWP UpdraftPlus Extension. This issue affects MainWP UpdraftPlus Extension: from n/a through 4.0.6...
CVE-2023-23639 WordPress MainWP Staging Extension Plugin <= 4.0.3 - Subscriber+ Arbitrary Plugin Activation Vulnerability
Missing Authorization vulnerability in MainWP MainWP Staging Extension. This issue affects MainWP Staging Extension: from n/a through 4.0.3...
CVE-2023-33923 Broken Access Control leading to Arbitrary Plugin Activation in multiple HashThemes themes
Missing Authorization vulnerability in HashThemes Viral News, HashThemes Viral, HashThemes HashOne. This issue affects Viral News: from n/a through 1.4.5; Viral: from n/a through 1.8.0; HashOne: from n/a through 1.3.0...
CVE-2024-0767
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...
CVE-2024-0767
CVE-2024-0767 (Envo's Elementor Templates & Widgets for WooCommerce) is a CSRF in the plugin’s ajax_plugin_activation path that can let unauthenticated attackers activate arbitrary plugins if an admin is tricked into performing an action. The vulnerability affects WordPress installations using th...
CVE-2024-0767 Envo's Elementor Templates & Widgets for WooCommerce <= 1.4.4 - Cross-Site Request Forgery via ajax_plugin_activation
The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated...
PT-2024-15804 · Envo · Elementor Templates & Widgets For Woocommerce
Name of the Vulnerable Software and Affected Versions: The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress versions up to, and including, 1.4.4. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax plugin...
Envo's Elementor Templates & Widgets for WooCommerce < 1.4.5 - Arbitrary Plugin Activation via CSRF
Description: The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ajax_plugin_activation function, allowing unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into...