6 matches found
EUVD-2021-34178
Malicious code in bioql PyPI...
CVE-2021-24781
The Image Source Control WordPress plugin before 2.3.1 allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit...
CVE-2021-4351
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...
CVE-2021-4351 Frontend File Manager <= 18.2 - Unauthenticated Post Meta Change
The Frontend File Manager plugin for WordPress is vulnerable to Unauthenticated Post Meta Change in versions up to, and including, 18.2. This is due to lacking authentication protections, capability checks, and sanitization, all on the wpfmfilemetaupdate AJAX action. This makes it possible for...
Image Source Control < 2.3.1 - Contributor+ Arbitrary Post Meta Value Change
The plugin allows users with a role as low as Contributor to change arbitrary post meta fields of arbitrary posts even those they should not be able to edit PoC Run while in the Post/Page editor as a contributor jQuery.postajaxurl, action: "iscsavemeta", nonce: iscData.nonce, id:781, key:...
WordPress Frontend File Manager plugin <= 18.2 - Unauthenticated Post Meta Change and Arbitrary File Download vulnerability
Unauthenticated Post Meta Change and Arbitrary File Download vulnerability discovered by Jerome Bruandet NinTechNet in WordPress Frontend File Manager plugin versions = 18.2. Solution Update the WordPress Frontend File Manager plugin to the latest available version at least 18.3...