10 matches found
CVE-2025-14389
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
CVE-2025-14389
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
CVE-2025-14389 WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
CVE-2025-14389 WPBlogSyn <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
CVE-2025-14389
CVE-2025-14389 (WPBlogSyn) is a CSRF vulnerability in WPBlogSyn for WordPress (versions ≤ 1.0) caused by missing nonce validation. An unauthenticated attacker can trick an administrator into performing actions to update the plugin’s remote sync settings via forged requests. The WPBlogSyn vulnerab...
PT-2026-2811
The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...
WordPress WPBlogSyn plugin <= 1.0 - Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability
Cross-Site Request Forgery to Arbitrary Remote Sync Configuration Update vulnerability discovered by dayea song - Ahnlab in WordPress Plugin WPBlogSyn versions = 1.0...
WordPress plugin User Sync – Remote User Sync 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on PHP and MySQL servers. A cross-site request forgery vulnerability exists in...
CVE-2024-41926 Malicious remote can claim that a user was synced from another remote
Mattermost versions 9.9.x = 9.9.0 and 9.5.x = 9.5.6 fail to validate the source of sync messages and only allow the correct remote IDs, which allows a malicious remote to set arbitrary RemoteId values for synced users and therefore claim that a user was synced from another remote...
DSA-404 rsync - heap overflow
Bulletin has no description...