837 matches found
Authentication flaw
VDG Security SENSE formerly DIVA before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : colon character in the Authorization HTTP header...
WordPress Plugin Simple Sticky Footer Has Multiple Cross-Site Request Forgery Vulnerabilities
WordPress is a use of PHP language development of blogging platform , users can support PHP and MySQL database server set up their own weblog . Simple Sticky Footer plugin is a footer can be tightly affixed to the bottom of the page plugin . The WordPress plugin Simple Sticky Footer has multiple...
CVE-2014-9523
Multiple cross-site request forgery CSRF vulnerabilities in the Our Team Showcase our-team-enhanced plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Timed Popup wp-timed-popup plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attack...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Facebook Like Box cardoza-facebook-like-box plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct...
CVE-2014-9454
Multiple cross-site request forgery CSRF vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attac...
CVE-2014-9441
Multiple cross-site request forgery CSRF vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via...
CVE-2014-9437
Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...
CVE-2014-9437
Multiple cross-site request forgery CSRF vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or 2 conduct cross-site scripting XSS attacks via...
CVE-2014-5199
Cross-site request forgery CSRF vulnerability in the WordPress File Upload plugin wp-file-upload before 2.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. NOTE: some of these details are...
CVE-2014-5199
CVE-2014-5199 is a CSRF vulnerability in the WordPress File Upload plugin (wp-file-upload) for WordPress, affecting versions before 2.4.2. The issue allows remote attackers to hijack the administrator’s authentication for requests that change plugin settings via unspecified vectors. Root cause is...
WordPress File Upload Plugin <= 2.4.1 - CSRF
Because of this vulnerability, the attackers can hijack the authentication of administrators for requests that change plugin settings via unspecified vectors. Solution Update the plugin...
CVE-2014-3850
Cross-site request forgery CSRF vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings to their default and disable registration approval via a request to...
CVE-2014-3845
Cross-site request forgery CSRF vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third par...
CVE-2014-3844
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information...
CVE-2014-3845
CVE-2014-3845 affects the TinyMCE Color Picker WordPress plugin before version 1.2. The vulnerability is a Cross-site request forgery (CSRF) that allows remote attackers to hijack the authentication of unspecified users to perform requests that change plugin settings via unknown vectors. The unde...
Cross site request forgery (csrf)
Cross-site request forgery CSRF vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin settings...