20 matches found
CVE-2025-14354
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
EUVD-2025-202989
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
CVE-2025-14354
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
CVE-2025-14354
CVE-2025-14354 covers the WordPress plugin Resource Library for Logged In Users. Connected documentation confirms a CSRF vulnerability due to missing nonce validation on multiple administrative actions, allowing unauthenticated attackers to cause create/edit/delete operations by luring a site ad...
CVE-2025-14354 Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery to Multiple Administrative Actions
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
CVE-2025-14354 Resource Library for Logged In Users <= 1.5 - Cross-Site Request Forgery to Multiple Administrative Actions
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
WordPress plugin Resource Library for Logged In Users cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host personal blog sites on PHP and MySQL-based...
PT-2025-50866
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
WordPress Resource Library for Logged In Users plugin <= 1.4 - Cross-Site Request Forgery to Multiple Administrative Actions vulnerability
Cross-Site Request Forgery to Multiple Administrative Actions vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Resource Library for Logged In Users versions <= 1.4...
Linux Distros Unpatched Vulnerability : CVE-2023-28628
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - lambdaisland/uri is a pure Clojure/ClojureScript URI library. In versions prior to 1.14.120 authority-regex allows an attacker to send malicious URLs to be...
CVE-2023-3622
Access Control Bypass Vulnerability in the SolarWinds Platform that allows an underprivileged user to read arbitrary resource...
CISA, NSA, and ODNI Release Part One of Guidance on Securing the Software Supply Chain
CISA, the National Security Agency (NSA), and the Office of the Director of National Intelligence (ODNI) have published part one of a three-part joint publication series, Securing Software Supply Chain Series - Recommended Practices for Developers. This guidance—created by the Enduring Security...
CVE-2020-12523
On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LAN side, single switch ports can be disabled by device configuration. After a reboot these ports g...
TASER - Python3 Resource Library For Creating Security Related Tooling
TASER (Testing And SEcurity Resource) is a Python resource library used to simplify the process of creating offensive security tooling, especially those relating to web or external assessments. Its modular design makes it easy for code to be customized and re-purposed in a variety of scenario...
File Upload Vulnerability in the Application Resource Library Platform of Xiamen NetZhongwei Software Co.
Xiamen NetZhongwei Software Co. is an enterprise specializing in the development, service, and sales of accounting teaching software products. A file upload vulnerability exists in the application repository platform of Xiamen NetZhongwei Software Co. An attacker can use the...
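SQL injection vulnerability in a certain management system
Brief description: According to official statistics, this may be a generic issue. Details: Shirui (释锐) is a leading nationwide provider of smart-education solutions. It is committed to providing competitive smart-education solutions and services to primary and secondary schools, vocational schools, universities, and education administration bodies through technical innovation, continually improving customer experience and creating maximum value for customers. Shirui's products and solutions are currently deployed in 25 provinces and municipalities, serving more than 3000 schools nationwide. 0x00: ESCHOOL smart education management platform struts2 command execution vulnerability inurl:eeoa/login.jsp http://120.193.248.122/eeoa/registerRegisterAction.action...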
Cross site scripting
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6699
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6699
Cross-site scripting (XSS) vulnerability in Resource Library (tjs_reslib) 0.1.0 and earlier extension for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unknown vectors...
CVE-2008-6699
The vulnerability CVE-2008-6699 affects the TYPO3 Resource Library (tjs_reslib) extension for version 0.1.0 and earlier. It is a Cross-site Scripting (XSS) flaw that allows remote attackers to inject arbitrary web script or HTML via unknown vectors in the affected extension. Consequences per the ...