10 matches found
EUVD-2022-51621
Malicious code in bioql PyPI...
CVE-2022-4265
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object...
Cross-site request forgery (CSRF)
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object...
CVE-2022-4265
CVE-2022-4265 affects the Replyable WordPress plugin prior to 2.2.10. The vulnerability arises because the plugin does not validate the submitted class name when instantiating an object in the prompt_dismiss_notice action and is missing a CSRF check in the related action, enabling any authenticat...
CVE-2022-4265 Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The Replyable WordPress plugin before 2.2.10 does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object...
PT-2023-14142 · WordPress · Replyable
Name of the Vulnerable Software and Affected Versions: Replyable WordPress plugin versions prior to 2.2.10 Description: The issue arises from the lack of validation of the class name submitted by the request when instantiating an object in the prompt dismiss notice action, and the absence of a CS...
WordPress plugin Replyable code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The plugin does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could...
Replyable < 2.2.10 - Subscriber+ PHP Object Injection
The plugin does not validate the class name submitted by the request when instantiating an object in the prompt_dismiss_notice action and also lacks a CSRF check in the related action. This could allow any authenticated user, such as a subscriber, to perform Object Injection attacks. The attack could...
Postmatic <= 1.4.5 - Cross-Site Scripting (XSS)
The Replyable – Subscribe to Comments and Reply by Email WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...