166 matches found
WordPress plugin WooCommerce PDF Invoice Builder Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is an application plugin. WordPress plugin WooCommerce PDF...
CVE-2021-4413
The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to save field icons via a...
CVE-2021-4412
The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save and export functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a...
WordPress Plugin WP Prayer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
WordPress Plugin Process Steps Template Designer Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which supports personal blogs on PHP and MySQL servers. WordPress plugin is an...
PT-2023-12525 · WordPress · Process Steps Template Designer
Name of the Vulnerable Software and Affected Versions: Process Steps Template Designer plugin for WordPress versions up to, and including, 1.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows...
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
WordPress Plugin eCommerce Product Catalog Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
PT-2023-12505 · WordPress · Ecommerce Product Catalog Plugin
Name of the Vulnerable Software and Affected Versions: eCommerce Product Catalog Plugin for WordPress versions up to, and including, 3.0.17 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to save manual...
PT-2023-12498 · WordPress · Wp Security Question
Name of the Vulnerable Software and Affected Versions: WP Security Question plugin for WordPress versions up to, and including, 1.0.5 Description: The issue is due to missing or incorrect nonce validation on the save function, making it possible for unauthenticated attackers to modify the plugin'...
CVE-2023-3236
A vulnerability classified as critical has been found in mccms up to 2.6.5. This affects the function picsave of the file sys/apps/controllers/admin/Comic.php. The manipulation of the argument pic leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit ha...
PT-2023-23747 · Mccms · Mccms
Name of the Vulnerable Software and Affected Versions: mccms versions up to 2.6.5 Description: A critical issue has been found, affecting the pic save function of the file sys/apps/controllers/admin/Comic.php. The manipulation of the pic argument leads to server-side request forgery, which can be...
CVE-2023-2083
The Essential Blocks plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on the save function in versions up to, and including, 4.0.6. This makes it possible for subscriber-level attackers to save plugin settings. While a nonce check is presen...
WordPress Plugin Essential Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2023-17683 · WordPress · Essential Blocks
Name of the Vulnerable Software and Affected Versions: The Essential Blocks plugin for WordPress versions up to, and including, 4.0.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated...
WordPress Plugin Essential Blocks Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
PT-2023-20168 · WordPress · Wpcs – Wordpress Currency Switcher Professional
Name of the Vulnerable Software and Affected Versions: WPCS – WordPress Currency Switcher Professional plugin versions up to, and including, 1.1.9 Description: The issue allows authenticated attackers with subscriber-level permissions and above to edit an arbitrary custom drop-down currency...
WordPress Plugin Essential Blocks Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
Cross-Site Request Forgery (CSRF)
github.com/phachon/mm-wiki is vulnerable to Cross-Site Request Forgery (CSRF). The vulnerability exists in the Save function of user.go, which allows an attacker to execute arbitrary code via the system/user/save parameter...
CVE-2023-1867
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to change the plugin's settings via a forged...