WordPress WP Shop plugin <= 3.9.6 - Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities
Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities were discovered by ptsfence (Patchstack Alliance) in the WordPress WP Shop plugin versions <= 3.9.6. Solution: Deactivate and delete. No reply from the vendor...
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in SEO Scout plugin = 0.9.83 at WordPress allows attackers to trick users with administrative rights to unintentionally change the plugin settings...
WordPress About Rentals plugin <= 1.5 - Missing Access Control vulnerability
Missing Access Control vulnerability leading to Unauthenticated Stored XSS and plugin settings change discovered by ptsfence in WordPress About Rentals plugin versions <= 1.5. Solution: Deactivate and delete. This plugin has been closed as of August 24, 2022 and is not available for download. This...
CVE-2022-35242
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...
Code injection
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...
CVE-2022-35242
CVE-2022-35242 affects the WordPress plugin 59sec LITE (THE Leads Management System) version
CVE-2022-35242 WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability
Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress...
WordPress plugin 59sec LITE security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2022-23318 · Akash Soni · As – Create Pinterest Pinboard Pages
Name of the Vulnerable Software and Affected Versions: Akash Soni's AS – Create Pinterest Pinboard Pages plugin version 1.0 and earlier. Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This occurs when a subscriber or higher can change plugin...
WP Hotel Booking < 2.0.1 - Unauthenticated Arbitrary Settings Update
The plugin does not have authorisation and CSRF checks in place when updating its settings, which could allow unauthenticated attackers to change them. PoC: All settings are affected; for example, to change the Thousands Separator one, run the below command in the developer console of the web browser...
CVE-2022-29495
Cross-Site Request Forgery (CSRF) vulnerability in Sygnoos Popup Builder plugin <= 4.1.11 at WordPress allows an attacker to update plugin settings...
CVE-2022-29495
Concisely: The WordPress plugin Sygnoos Popup Builder (WP Plugin: Popup Builder) is affected up to version 4.1.11 by a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to update plugin settings. The root cause is insufficient CSRF protection in settings update handling. Rep...
PT-2022-19658
Name of the Vulnerable Software and Affected Versions: Sygnoos Popup Builder plugin versions <= 4.1.11. Description: A Cross-Site Request Forgery (CSRF) issue allows an attacker to update plugin settings. Recommendations: For Sygnoos Popup Builder plugin versions <= 4.1.11, update to a version higher tha...
Better Tag Cloud <= 0.99.5 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed (for example, in a multisite setup). PoC: Put the following payload in any text field setting...
WordPress plugin Wbcom Designs – BuddyPress Group Review security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress Opt-in plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Version 1.4.1 of the WordPress Opt-in plugin is vulnerable to cross-site request forgery, which can b...
CVE-2022-2123
The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...
CVE-2022-2123
The CVE entry CVE-2022-2123 corresponds to the WP Opt-in WordPress plugin (versions
WordPress plugin Opt-in cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. Version 1.4.1 of the WordPress Opt-in plugin is vulnerable to cross-site request forgery, which can b...
CVE-2022-1321
The miniOrange's Google Authenticator WordPress plugin before 5.5.6 does not sanitise and escape some of its settings, leading to malicious users with administrator privileges to store malicious JavaScript code leading to Cross-Site Scripting attacks when unfiltered_html is disallowed for example ...