19 matches found
EUVD-2022-51489
Malicious code in bioql PyPI...
EUVD-2022-51490
Malicious code in bioql PyPI...
CVE-2022-4124
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
Simple Popup Manager <= 1.3.5 - Authenticated (Administrator+) Stored Cross-Site Scripting
Description: The Simple Popup Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
WordPress Simple Popup Manager Plugin <= 1.3.5 is vulnerable to Cross Site Scripting (XSS)
Software: Simple Popup Manager; Type: Plugin; Vulnerable versions: = 1.3.5; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-34797; Patch priority: Low; CVSS severity: Low (5.9); PSID: 3a5e35fbabd1; Credits: Cronus; Required privilege...
CVE-2022-4124
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
CVE-2022-4125
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...
CVE-2022-4124
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
CVE-2022-4125
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well...
Cross-site request forgery (CSRF)
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
CVE-2022-4125
CVE-2022-4125 (Popup Manager
CVE-2022-4124
CVE-2022-4124 affects the Popup Manager WordPress plugin up to version 1.6.6. Root cause: lack of authorization and CSRF checks when deleting popups, enabling unauthenticated users to delete them. Impact: unauthorized popup deletions. Exploitation: PoC demonstrates a POST to /wp-admin/admin-ajax....
CVE-2022-4124 Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The Popup Manager WordPress plugin through 1.6.6 does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them...
WordPress plugin Popup Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2022-25755 · WordPress · Popup Manager
Name of the Vulnerable Software and Affected Versions: Popup Manager WordPress plugin versions 1.6.6 and earlier. Description: The issue concerns a lack of authorization and CSRF checks when deleting popups. This could allow unauthenticated users to delete them. Recommendations: For Popup Manager...
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. As an unauthenticated user, or via CSRF: fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type': 'application/x-www-form-urlencoded', ...
Popup Manager <= 1.6.6 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well. fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers...
Popup Manager <= 1.6.6 - Unauthenticated Arbitrary Popup Deletion
The plugin does not have authorisation and CSRF checks when deleting popups, which could allow unauthenticated users to delete them. PoC: As an unauthenticated user, or via CSRF: fetch('/wp-admin/admin-ajax.php', { method: 'POST', headers: new Headers({ 'Content-Type':...
Popup Manager <= 1.6.6 - Unauthenticated Stored XSS
The plugin does not have authorisation and CSRF check when creating/updating popups, and is missing sanitisation as well as escaping, which could allow unauthenticated attackers to create arbitrary popups and add Stored XSS payloads as well. PoC: fetch('/wp-admin/admin-ajax.php', { method: 'POST',...