6 matches found
Cross-site Request Forgery (CSRF)
Overview: wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) in the admin/save.json.php process. An attacker can modify sensitive plugin configurations, such as payment processor credentials o...
CVE-2026-32735 Unpacking Arbitrary Mustache Template Files via `maven-dependency-plugin`
openapi-to-java-records-mustache-templates allows users to generate Java Records from OpenAPI specifications. Starting in version 5.1.1 and prior to version 5.5.1, the parent POM file of this project, openapi-to-java-records-mustache-templates-parent, which is used to centralize plugin...
Multiple Plugins from CatchThemes - Unauthorised Plugin's Setting Change
Multiple plugins from the CatchThemes vendor do not perform capability and CSRF checks in the ctpswitch AJAX action, which could allow any authenticated user, such as a Subscriber, to change the plugin's configuration. PoC 1 Turn off "Turn On Catch Themes & Catch Plugin tabs" jQuery.postajaxurl,...
Fedora 12 : xinha-0.96.1-1.fc12 (2010-9260)
Name: CVE-2010-1916 URL: https://vulners.com/cve/CVE-2009-1916 Assigned: 20100511 Reference: MISC: http://www.php-security.org/2010/05/10/mops-2010-019-serendipity-wysiwyg-editor-plugin-configuration-injection-vulnerability/index.html Reference: MISC:...
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...
CVE-2009-2334
wp-admin/admin.php in WordPress and WordPress MU before 2.8.1 does not require administrative authentication to access the configuration of a plugin, which allows remote attackers to specify a configuration file in the page parameter to obtain sensitive information or modify this file, as...