25 matches found
CVE-2016-10897
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues...
CVE-2022-0499
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
EUVD-2016-1891
Malware in sbrugna...
EUVD-2022-15636
Malicious code in bioql PyPI...
WordPress Sermon Browser plugin cross-site request forgery vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...
CVE-2022-0499
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
CVE-2022-0499
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
Cross site request forgery (csrf)
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
CVE-2022-0499
Summary: CVE-2022-0499 affects the WordPress plugin Sermon Browser, versions ≤ 0.45.22. The issue, as described in multiple sources, is that the plugin lacks CSRF protection and does not validate uploaded Sermon files, allowing a logged-in admin to upload arbitrary files such as PHP scripts. Deta...
CVE-2022-0499 Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF
The Sermon Browser WordPress plugin through 0.45.22 does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones...
WordPress plugin Sermon Browser code issue vulnerability
WordPress is the WordPress Foundation's blogging platform developed using the PHP language. The platform supports PHP and MySQL servers to set up a personal blog site. WordPress plugin is a WordPress open source application plugin. A cross-site request forgery vulnerability exists in the...
WordPress Sermon Browser plugin <= 0.45.22 - Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary File Upload via Cross-Site Request Forgery (CSRF) vulnerability discovered by Krishna Harsha Kondaveeti in WordPress Sermon Browser plugin versions <= 0.45.22. Solution: Deactivate and delete. This plugin has been closed as of February 4, 2022 and is not available for download. This closure...
Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF
The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. function submitRequest var xhr = new XMLHttpRequest; xhr.open"POST",...
Sermon Browser <= 0.45.22 - Arbitrary File Upload via CSRF
The plugin does not have CSRF checks in place when uploading Sermon files, and does not validate them in any way, allowing attackers to make a logged in admin upload arbitrary files such as PHP ones. PoC Or, as admin, upload a PHP file via the Sermon Files feature of the plugin. The file will be ...
WordPress sermon-browser plugin cross-site scripting vulnerability
WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. sermon-browser is a church sermon plugin used in it. A cross-site scripting vulnerability exists in the WordPress sermon-browser plugi...
CVE-2016-10897
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues...
CVE-2016-10897
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues...
Sermon Browser < 0.45.16 - Multiple XSS
The Sermon Browser WordPress plugin was affected by a Multiple XSS security vulnerability...
WordPress Community Events Plugin <= 1.2.1 - SQL Injection
Sermon Browser plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...
WordPress SCORM Cloud Plugin <= 1.0.6.6 - SQL Injection
Sermon Browser plugin is prone to an SQL injection. This vulnerability allows an attacker to modify data, alter queries to the application SQL database, compromise the access and application or exploit hidden vulnerabilities in the underlying database. Solution Update the plugin...