
6 matches found

CNVD
added 2021/10/24 12:00 a.m., 13 views

WordPress Scroll Baner plugin cross-site request forgery vulnerability

WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source extension for WordPress. The WordPress Scroll Baner plugin in version 1.0 and...

CVSS 6.5, AI score 1.2, EPSS 0.00154
Exploits: 2, References: 1
CVE
added 2021/10/18 1:45 p.m., 42 views

CVE-2021-24642

CVE-2021-24642 affects the Scroll Baner WordPress plugin (versions ≤ 1.0). The root cause is missing CSRF protection and a lack of input sanitisation/validation when saving settings, which lets an attacker cause a logged-in admin to alter those settings. This could lead to remote code execution (via a file upload) and cross...

CVSS 6.5, AI score 6.2, EPSS 0.00154
Exploits: 2, References: 1, Affected Software: 1
Cvelist
added 2021/10/18 1:45 p.m., 11 views

CVE-2021-24642 Scroll Baner <= 1.0 - CSRF to RCE

The Scroll Baner WordPress plugin through 1.0 does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them and could lead to RCE via a file upload as well as XSS...

AI score 6.4, EPSS 0.00154
Exploits: 2, References: 1
CNNVD
added 2021/10/18 12:00 a.m., 1 view

WordPress plugin Scroll Baner cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation in PHP. The platform supports hosting personal blog sites on PHP and MySQL servers. A WordPress plugin is an open source extension for WordPress. The WordPress Scroll Baner plugin in version 1.0 and...

CVSS 6.5, AI score 5.5, EPSS 0.00154
Exploits: 2, References: 2
WPVulnDB
added 2021/09/20 12:00 a.m., 17 views

Scroll Baner <= 1.0 - CSRF to RCE

The plugin does not have a CSRF check in place when saving its settings, nor does it perform any sanitisation, escaping or validation on them. This could allow attackers to make a logged-in admin change them and could lead to RCE via a file upload as well as XSS. PoC: The PHP code will be put in the file at...

CVSS 6.5, AI score 3.6, EPSS 0.00154
Exploits: 2, Affected Software: 1
Patchstack
added 2021/09/20 12:00 a.m., 12 views

WordPress Scroll Baner plugin <= 1.0 - Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE)

Cross-Site Request Forgery (CSRF) vulnerability leading to Remote Code Execution (RCE), discovered by Chuang Li in WordPress Scroll Baner plugin versions <= 1.0. Solution: deactivate and delete. This plugin has been closed as of August 17, 2021 and is not available for download. Reason: Security Issue...

CVSS 6.5, AI score 3.3, EPSS 0.00154
Exploits: 2, References: 3, Affected Software: 1