849 matches found
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Fatcat Apps Analytics Cat plugin <= 1.0.9 on WordPress allows Plugin Settings Change...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change...
CVE-2022-32587 WordPress WP Page Widget plugin <= 3.9 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in CodeAndMore WP Page Widget plugin <= 3.9 on WordPress leading to plugin settings change...
CVE-2022-40223 WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability
Nonce token leakage and missing authorization in SearchWP premium plugin <= 4.2.5 on WordPress leading to plugin settings change...
WordPress plugin Highlight Focus cross-site scripting vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. A WordPress plugin is an application plugin that extends personal blogs running on PHP and MySQL servers. A cross-site scripting vulnerability exists in the...
CVE-2022-3852
The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete and modify calendars as well as the...
Authorization
The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including, 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...
WordPress VR Calendar plugin <= 2.3.3 – Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to deletion and modification of calendars as well as the plugin settings discovered by Marco Wotschka in the WordPress VR Calendar plugin versions <= 2.3.3. Solution: Update the WordPress VR Calendar plugin to the latest available version, at lea...
AM-HiLi <= 1.0 - Admin+ Stored XSS
The plugin does not sanitise and escape some of its settings, which could allow high-privilege users such as admins to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example in a multisite setup...
WordPress demon image annotation cross-site request forgery vulnerability
WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. Cross-site request forgery vulnerability exists in WordPress demon image annotation 4.7 and earlier versions, which stems from the lack of nonce...
CVE-2022-3097 LBStopAttack < 1.1.3 - Arbitrary Settings Update via CSRF
The LBStopAttack WordPress plugin before 1.1.3 does not use nonces when saving its settings, making it possible for attackers to conduct CSRF attacks. This could allow attackers to disable the plugin's protections...
WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability
Broken Authentication vulnerability via Nonce Token Leakage leading to Plugin Settings Change discovered by Dave Jong (Patchstack) in the WordPress SearchWP premium plugin versions <= 4.2.5. Solution: Update the WordPress SearchWP plugin to the latest available version, at least 4.2.6...
Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting
The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message. Setup: - In the General Settings of the plugin, check the "Show Chat...
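The two stored-XSS entries above (AM-HiLi settings saved by an admin without unfiltered_html, and Chat Bubble contact messages written by an unauthenticated visitor and later viewed by an admin) share one root cause: a value is stored without sanitisation and echoed without context-appropriate escaping. The following is an added example, not code from either plugin. The option name `example_highlight`, its keys, and the function names are assumptions made for illustration; the WordPress API calls (`register_setting`, `sanitize_text_field`, `sanitize_html_class`, `wp_kses_post`, `esc_attr`, `esc_html`, `current_user_can`) are real.

```php
<?php
// Added example (hypothetical plugin); option name and keys are assumptions.

// --- Vulnerable pattern: store raw input, echo it raw -----------------------
function example_render_title_vulnerable() {
    $opts = get_option( 'example_highlight', array() );
    // Nothing sanitised the values on save and nothing escapes them here, so a
    // saved '"><script>...</script>' lands in the page as markup. Because no
    // kses filtering happened, this works even for a user whose unfiltered_html
    // capability is disallowed (e.g. non-super-admins on multisite).
    echo '<h2 class="' . $opts['css_class'] . '">' . $opts['title'] . '</h2>';
}

// --- Hardened pattern: sanitise on save ... ---------------------------------
add_action( 'admin_init', function () {
    register_setting( 'example_highlight_group', 'example_highlight', array(
        'type'              => 'array',
        'sanitize_callback' => 'example_highlight_sanitize',
        'default'           => array( 'title' => '', 'css_class' => '', 'intro' => '' ),
    ) );
} );

function example_highlight_sanitize( $input ) {
    $input = is_array( $input ) ? $input : array();
    $clean = array();

    // Plain-text field: tags and control characters are stripped.
    $clean['title'] = sanitize_text_field( $input['title'] ?? '' );

    // A CSS class token: only characters valid in a class name survive,
    // so a value cannot break out of the class="" attribute.
    $clean['css_class'] = sanitize_html_class( $input['css_class'] ?? '' );

    // Rich-text field: honour the site's HTML policy. wp_kses_post() keeps only
    // the tags/attributes allowed in post content, dropping <script>, onerror=,
    // javascript: URLs and so on. Only a user who actually holds unfiltered_html
    // may store markup unfiltered; this is what the AM-HiLi entry says was missing.
    $intro = (string) ( $input['intro'] ?? '' );
    $clean['intro'] = current_user_can( 'unfiltered_html' ) ? $intro : wp_kses_post( $intro );

    return $clean;
}

// --- ... and escape on output for the context each value lands in ----------
function example_render_title_hardened() {
    $defaults = array( 'title' => '', 'css_class' => '', 'intro' => '' );
    $opts     = wp_parse_args( get_option( 'example_highlight', array() ), $defaults );

    // Attribute context -> esc_attr(); text node context -> esc_html().
    echo '<h2 class="' . esc_attr( $opts['css_class'] ) . '">' . esc_html( $opts['title'] ) . '</h2>';

    // Rich text was reduced to the allowed tag set on save; filtering again on
    // output means a value written through some other path (an import, a direct
    // DB write, an older plugin version) is still rendered safely.
    echo '<div class="intro">' . wp_kses_post( $opts['intro'] ) . '</div>';
}
```

For data written by unauthenticated visitors, such as the contact messages in the Chat Bubble entry, the output-side rule is the one that matters most: an admin-only view is still a browser rendering attacker-controlled text, so the message body goes through `esc_html()` (or `wp_kses_post()` if the plugin deliberately allows limited markup) regardless of what was done on save.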
CVE-2022-2350
The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...
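Several entries above (VR Calendar, Restaurant Menu, LBStopAttack, Disable User Login, and the SearchWP nonce-leakage entry) describe the same handler shape: a settings or AJAX action that updates state without a nonce check, without a capability check, or both, and sometimes hands the nonce to users who should never see it. The following is an added example, not code from any of those plugins. The action name `example_save_settings`, the option key `example_settings`, the menu hook `settings_page_example` and the file `admin.js` are assumptions for illustration; `check_ajax_referer`, `current_user_can`, `wp_create_nonce`, `wp_localize_script` and the `wp_ajax_` / `wp_ajax_nopriv_` hooks are real WordPress APIs.

```php
<?php
// Added example (hypothetical plugin); action, option and hook names are assumptions.

// --- Vulnerable pattern: the handler trusts any request that reaches it ----
// Registering the nopriv hook exposes the action to logged-out visitors, which is
// the "unauthenticated settings change/reset" pattern in the entries above.
add_action( 'wp_ajax_nopriv_example_save_settings', 'example_save_settings_vulnerable' );
add_action( 'wp_ajax_example_save_settings',        'example_save_settings_vulnerable' );
function example_save_settings_vulnerable() {
    // No nonce check: a page the attacker controls can make a logged-in admin's
    // browser POST here, and the request carries the admin's session cookies (CSRF).
    // No capability check: any authenticated role (or, via nopriv, nobody at all)
    // may rewrite the option (missing authorization).
    update_option( 'example_settings', $_POST['settings'] );
    wp_send_json_success();
}

// --- Hardened pattern ------------------------------------------------------
// Logged-in users only: there is deliberately no wp_ajax_nopriv_ registration.
add_action( 'wp_ajax_example_save_settings', 'example_save_settings_hardened' );
function example_save_settings_hardened() {
    // 1. CSRF: the request must carry a nonce minted for this action and this
    //    user. check_ajax_referer() ends the request with 403/-1 on failure.
    check_ajax_referer( 'example_save_settings', 'nonce' );

    // 2. Authorization: a valid nonce proves intent, not privilege. A Subscriber
    //    can obtain a nonce from any page that prints one, so the capability is
    //    checked separately. This is the check the Restaurant Menu entry lacks.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 3. Never store the raw POST array; whitelist and coerce each field.
    $raw   = isset( $_POST['settings'] ) && is_array( $_POST['settings'] ) ? wp_unslash( $_POST['settings'] ) : array();
    $clean = array(
        'enabled'  => ! empty( $raw['enabled'] ) ? 1 : 0,
        'per_page' => isset( $raw['per_page'] ) ? max( 1, absint( $raw['per_page'] ) ) : 10,
    );
    update_option( 'example_settings', $clean );
    wp_send_json_success( $clean );
}

// --- Handing the nonce to the admin page's script --------------------------
// The nonce is only emitted on the plugin's own settings screen, to a user who
// already holds the capability. Printing it into front-end HTML, a public REST
// response, or a page every logged-in user can load is the "nonce token leakage"
// the SearchWP entry describes: it gives low-privilege users the one secret the
// CSRF check depends on, which is why the capability check above must be
// independent of the nonce.
add_action( 'admin_enqueue_scripts', function ( $hook ) {
    if ( 'settings_page_example' !== $hook || ! current_user_can( 'manage_options' ) ) {
        return;
    }
    wp_enqueue_script( 'example-admin', plugins_url( 'admin.js', __FILE__ ), array( 'jquery' ), '1.0', true );
    wp_localize_script( 'example-admin', 'exampleAjax', array(
        'url'   => admin_url( 'admin-ajax.php' ),
        'nonce' => wp_create_nonce( 'example_save_settings' ),
    ) );
} );
```

When auditing a plugin for the pattern in these entries, the quick check is to list every `wp_ajax_*`, `admin_post_*` and `admin_init` callback that calls `update_option()` or `delete_option()` and confirm each one contains both a nonce verification (`check_ajax_referer`, `check_admin_referer` or `wp_verify_nonce`) and a `current_user_can()` test; a handler with only one of the two is still exploitable by the other route.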
WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Reset vulnerability
Unauthenticated Plugin Settings Reset vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress TH Advance Product Search plugin versions <= 1.1.4. Solution: No patched version is available. Ignored by the vendor since Aug 2, 2022...
WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin versions <= 1.8.2. Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version, at lea...
Cross site request forgery (csrf)
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 on WordPress, leading to plugin settings change...
CVE-2022-40132 WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 on WordPress, leading to plugin settings change...
CVE-2022-35238
Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 on WordPress...
CVE-2022-35238
CVE-2022-35238 corresponds to an Unauthenticated Plugin Settings Change vulnerability in the WordPress Awesome Filterable Portfolio plugin (versions