833 matches found
CVE-2019-11869
The Yuzo Related Posts plugin 5.12.94 for WordPress has XSS because it mistakenly expects that isadmin verifies that the request comes from an admin user; it actually only verifies that the request is for an admin page. An unauthenticated attacker can inject a payload into the plugin settings, suc...
CVE-2018-20155
The WP Maintenance Mode plugin before 2.0.7 for WordPress allows remote authenticated subscriber users to bypass intended access restrictions on changes to plugin settings...
LoginPress <= 1.1.15 - Authenticated Blind SQL Injection
Blind time-based SQL injection, combined with a lack of permission checks, resulted in an unauthorised attack that can be performed by any user on the site, including subscriber profiles. 1. Lack of permission check in settings import: Similar to our recent analysis, this vulnerability was also caused...
Cross site request forgery (csrf)
An issue was discovered in the MULTIDOTS Woo Checkout for Digital Goods plugin 2.1 for WordPress. If an admin user can be tricked into visiting a crafted URL created by an attacker via spear phishing/social engineering, the attacker can change the plugin settings. The function...
Wolf CMS Cross-Site Request Forgery Vulnerability
Wolf CMS is a PHP-based open source content management system (CMS) developed by the Wolf CMS team. The system provides a user interface, templates, user management, rights management and other functions. A cross-site request forgery vulnerability exists in Wolf CMS version 0.8.3.1. A remote...
CVE-2018-8814
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/pluginname/settings by crafting a malicious request...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in WolfCMS 0.8.3.1 allows remote attackers to hijack the authentication of users for requests that modify plugin/pluginname/settings by crafting a malicious request...
WordPress Plugin YouTube Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed by the WordPress Foundation in PHP; it runs on servers that support PHP and MySQL to host a personal blog site. The YouTube WordPress Plugin is a YouTube video playback plugin for WordPress. A cross-site request forgery...
WordPress YouTube Plugin Cross-Site Request Forgery Vulnerability
WordPress is a free and open source blogging software and content management system that uses PHP and MySQL as its platform. A cross-site request forgery vulnerability exists in the WordPress YouTube plugin version 11.8.1, which allows an unauthenticated attacker to change any setting in the plug...
WordPress Plugin CopySafe Web Protection Cross-Site Request Forgery Vulnerability
WordPress is a blogging platform developed using the PHP language that allows users to set up their own websites on servers that support PHP and MySQL databases. WordPress can also be used as a content management system (CMS). Cross-site request forgery exists in the CopySafe Web Protection plugin...
Sola Support Ticket <= 3.12 - XSS & Configuration Change
Any logged-in user with any role and access to wp-admin in any way can update plugin settings, including allowing HTML to be parsed. One can also change any notification messages to include JS, which can then be used to obtain information by forgery. PoC: Make a POST request to /wp-admin with paramete...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Acobot Live Chat & Contact Form plugin 2.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or (2) conduct cross-site scripting (XSS) attacks via the acobottok...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings or conduct cross-site scripting (XSS) attacks via the (2) source or (3) redir...
Authentication flaw
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded ':' (colon) character in the Authorization HTTP header...
WordPress Plugin Simple Sticky Footer Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a blogging platform developed in PHP; users can set up their own weblog on a server that supports PHP and a MySQL database. The Simple Sticky Footer plugin adds a footer that stays affixed to the bottom of the page. The WordPress plugin Simple Sticky Footer has multiple...
CVE-2014-9523
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attack...