582 matches found
PT-2024-34791 · Unknown · Chaser324 Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Chaser324 Featured Posts Scroll versions 1.25 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
WordPress plugin Featured Posts Scroll cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forgery...
PT-2024-16643 · WordPress · Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Featured Posts Scroll plugin for WordPress versions up to, and including, 1.25 Description: The issue is due to missing or incorrect nonce validation on a function, making it possible for unauthenticated attackers to update settings and injec...
WordPress Featured Posts Scroll plugin <= 1.25 - CSRF to Stored Cross Site Scripting (XSS) vulnerability
CSRF to Stored Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO (Patchstack Alliance) in WordPress Plugin Featured Posts Scroll versions <= 1.25...
WordPress Featured Posts Scroll Plugin <= 1.25 is vulnerable to Cross Site Request Forgery (CSRF)
Software Featured Posts Scroll Type Plugin Vulnerable versions <= 1.25 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-51647 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 4e8c9b0726a9 Credits SOPROBRO Require...
CVE-2024-10040
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...
CVE-2024-10040 Infinite-Scroll <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update
The Infinite-Scroll plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation on the processajaxedit and processajaxdelete function. This makes it possible for unauthenticated attackers to mak...
CVE-2024-10040
CVE-2024-10040 : The Infinite-Scroll WordPress plugin (versions
WordPress plugin Infinite-Scroll cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
CVE-2024-49308 WordPress Animator – Scroll Triggered Animations plugin <= 3.0.15 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Toast Plugins Animator scroll-triggered-animations allows Reflected XSS. This issue affects Animator: from n/a through <= 3.0.15...
WordPress Infinite-Scroll plugin <= 2.6.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Francesco Carlucci in WordPress Plugin Infinite-Scroll versions <= 2.6.2...
WordPress Infinite-Scroll Plugin <= 2.6.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software Infinite-Scroll Type Plugin Vulnerable versions <= 2.6.2 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery (CSRF) CVE CVE-2024-10040 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 0d87943023a0 Credits Francesco Carlucci...
PT-2024-15990 · WordPress · Infinite-Scroll
Name of the Vulnerable Software and Affected Versions: Infinite-Scroll plugin for WordPress versions up to, and including, 2.6.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the process ajax edit and process ajax delete functions...
The vulnerability of the WordPress Infinite Scroll plugin – the Ajax Load More feature of the WordPress content management system – relates to the lack of security measures for website structures. This allows attackers to carry out cross-site scripting attacks.
The vulnerability of the WordPress Infinite Scroll plugin – the Ajax Load More feature of the WordPress content management system – is related to the lack of protective measures for the website’s structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting...
CVE-2024-8505
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-8505 WordPress Infinite Scroll - Ajax Load More <= 7.1.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via button_label Parameter
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_label’ parameter in all versions up to, and including, 7.1.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2024-8505
CVE-2024-8505 affects WordPress Infinite Scroll – Ajax Load More plugin; stored XSS via the button_label parameter in all versions up to 7.1.2. Exploitation requires authenticated access (Contributor+); impact is arbitrary script execution on pages when loaded by users. A fix is available in 7.1....