13 matches found
CVE-2025-14167 Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR || instead of AND &&, causing the validation to fail when the nonce field is not empty OR when...
CVE-2025-14167
CVE-2025-14167 details a Cross-Site Request Forgery in the WordPress plugin Remove Post Type Slug (versions
CVE-2025-14167 Remove Post Type Slug <= 1.0.2 - Cross-Site Request Forgery to Settings Update
The Remove Post Type Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to incorrect nonce validation logic that uses OR || instead of AND &&, causing the validation to fail when the nonce field is not empty OR when...
WordPress Remove Post Type Slug plugin <= 1.0.2 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Remove Post Type Slug versions = 1.0.2...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
CVE-2022-0693
The Master Elements WordPress plugin through 8.0 does not validate and escape the metaids parameter of its removepostmetacondition AJAX action available to both unauthenticated and authenticated users before using it in a SQL statement, leading to an unauthenticated SQL Injection...
WordPress plugin Master Elements SQL注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress plugin Master Elements 8.0 and earlier versions are vulnerable to SQL injection, which stems from t...
UBUNTU-CVE-2016-5837
WordPress before 4.5.3 allows remote attackers to bypass intended access restrictions and remove a category attribute from a post via unspecified vectors...
Ez Guestbook 1.0 - Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------------------------------- Title: Ez Guestbook 1.0 Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Ez Guestbook 1.0 Cross Site Request Forgery
------------------------------------------------------------------------------------------------- Title: Ez Guestbook 1.0 Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Ez Guestbook 1.0 Multiple Vulnerabilities
Exploit for unknown platform in category web applications ========================================= Ez Guestbook 1.0 Multiple Vulnerabilities ========================================= ------------------------------------------------------------------------------------------------- Application: Ez...
Ez Guestbook 1.0 Multiple Vulnerabilities
No description provided by source. ------------------------------------------------------------------------------------------------- Title: Ez Guestbook 1.0 Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...
Ez Guestbook 1.0 - Multiple Vulnerabilities
------------------------------------------------------------------------------------------------- Title: Ez Guestbook 1.0 Multiple Vulnerabilities Author: Milos Zivanovic Email: milosz.securityatgmail.com Date: 14. December 2009...