13 matches found
CVE-2024-8199
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...
CVE-2024-8199 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'updateapikey' function in all versions up to, and including, 1.1.2. This make...
CVE-2024-8199
CVE-2024-8199 affects the WordPress plugin “Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More.” The issue is a missing capability check in update_api_key, present in all versions up to 1.1.2, allowing authenticated attackers with Subscriber-leve...
CVE-2024-8200 Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More <= 1.1.2 - Cross-Site Request Forgery
The Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'updateapikey'...
CVE-2024-8200
CVE-2024-8200 concerns the WordPress plugin “Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More.” Connected sources confirm a CSRF vulnerability caused by missing or incorrect nonce validation in the update_api_key function, affecting all version...
WordPress Reviews Feed plugin <= 1.1.2 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions = 1.1.2...
WordPress Reviews Feed plugin <= 1.1.2 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Sajjad Ahmad jacksparrow in WordPress Plugin Reviews Feed versions = 1.1.2...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Broken Access Control
Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-8199 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID eb3754a5f963 Credits Sajjad Ahmad jacksparrow Required...
WordPress Reviews Feed Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Reviews Feed Type Plugin Vulnerable versions = 1.1.2 Fixed in 1.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-8200 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID d47df2666851 Credits Sajjad Ahmad jacksparro...
WordPress plugin Reviews Feed 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38870 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews
Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions 1.1.2 and earlier Description: The issue is related to a missing capability check on the update api key...
WordPress plugin Reviews Feed 安全漏洞
WordPress and WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-38871 · WordPress · Reviews Feed – Add Testimonials/Customer Reviews From Google Reviews
Name of the Vulnerable Software and Affected Versions: Reviews Feed – Add Testimonials and Customer Reviews From Google Reviews, Yelp, TripAdvisor, and More plugin for WordPress versions up to, and including, 1.1.2 Description: The issue is due to missing or incorrect nonce validation on the upda...