69 matches found

ATTACKERKB
added 2023/10/20 8:15 a.m. · 1 view

CVE-2022-4943

The miniOrange's Google Authenticator plugin for WordPress is vulnerable to authorization bypass due to a missing capability check when changing plugin settings in versions up to, and including, 5.6.5. This makes it possible for unauthenticated attackers to change the plugin's settings...

7.5 CVSS · 6.7 AI score · 0.00543 EPSS
Exploits: 0 · References: 3

CVE
added 2023/08/23 3:16 a.m. · 61 views

CVE-2023-40282

The CVE-2023-40282 entry concerns Rakuten WiFi Pocket, with an improper authentication vulnerability (CWE-287) that allows a network-adjacent attacker to log in to the Management Screen. Affected: Rakuten WiFi Pocket (all versions mentioned as affected; 2B/2C reportedly unaffected per JVN). Root ...

5.4 CVSS · 5.3 AI score · 0.00276 EPSS
Exploits: 0 · References: 2 · Affected Software: 1

OSV
added 2023/06/13 10:15 a.m. · 2 views

CVE-2023-30764

OS command injection vulnerability exists in KB-AHR series and KB-IRIP series. If this vulnerability is exploited, an arbitrary OS command may be executed on the product or the device settings may be altered. Affected products and versions are as follows: KB-AHR04D versions prior to...

9.8 CVSS · 5.9 AI score
Exploits: 0 · References: 2

Positive Technologies
added 2023/06/13 12:0 a.m. · 4 views

PT-2023-22962 · Kb-Ahr08D +3 · Kb-Ahr08D +5

Name of the Vulnerable Software and Affected Versions: KB-AHR04D versions prior to 91110.1.101106.78 KB-AHR08D versions prior to 91210.1.101106.78 KB-AHR16D versions prior to 91310.1.101106.78 KB-IRIP04A versions prior to 95110.1.100290.78A KB-IRIP08A versions prior to 95210.1.100290.78A KB-IRIP1...

9.8 CVSS · 7.9 AI score · 0.00733 EPSS
Exploits: 0 · References: 5

OSV
added 2023/06/07 2:15 a.m. · 2 views

CVE-2021-4371

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

4.3 CVSS · 5.8 AI score
Exploits: 0 · References: 3

NVD
added 2023/06/07 2:15 a.m. · 8 views

CVE-2021-4371

The WP Quick FrontEnd Editor plugin for WordPress is vulnerable to Setting Changes in versions up to, and including, 5.5. This is due to lacking both a security nonce and a capabilities check. This makes it possible for low-authenticated attackers to change plugin settings even when they do not ha...

4.3 CVSS · 4.4 AI score · 0.00663 EPSS
Exploits: 1 · References: 3

SUSE CVE
added 2023/02/15 5:1 a.m. · 3 views

SUSE CVE-2016-5162

The AllowCrossRendererResourceLoad function in extensions/browser/url_request_util.cc in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux does not properly use an extension's manifest.json web_accessible_resources field for restrictions on IFRAME elements, which...

6.5 CVSS · 8.8 AI score · 0.01401 EPSS
Exploits: 0 · References: 6

NVD
added 2022/12/15 7:15 p.m. · 16 views

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for...

7.5 CVSS · 0.01369 EPSS
Exploits: 4 · References: 8

Prion
added 2022/12/15 7:15 p.m. · 24 views

Input validation

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for...

5 CVSS · 5.5 AI score · 0.03411 EPSS
Exploits: 9 · References: 7 · Affected Software: 1

Vulnrichment
added 2022/12/15 4:1 a.m. · 15 views

CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for...

5.3 CVSS · 6.7 AI score · 0.01369 EPSS
Exploits: 4 · References: 7

Cvelist
added 2022/12/15 4:1 a.m. · 20 views

CVE-2022-2536 Transposh WordPress Translation <= 1.0.9.6 - Authorization Bypass

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient validation of settings on the 'tp_translation' AJAX action which makes it possible for...

5.3 CVSS · 6.2 AI score · 0.01369 EPSS
Exploits: 4 · References: 7

CVE
added 2022/12/15 4:1 a.m. · 81 views

CVE-2022-2536

The Transposh WordPress Translation plugin for WordPress is affected by an unauthorized settings-change vulnerability (CVE-2022-2536) via the tp_translation AJAX action. Root cause: insufficient permission/validation checks on that endpoint, allowing unauthenticated users to influence site data. ...

7.5 CVSS · 6.7 AI score · 0.01369 EPSS
Exploits: 4 · References: 8 · Affected Software: 1

NVD
added 2022/09/06 6:15 p.m. · 18 views

CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possib...

5.3 CVSS · 0.03411 EPSS
Exploits: 6 · References: 6

Prion
added 2022/09/06 6:15 p.m. · 23 views

Code injection

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.8.1. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possib...

5 CVSS · 6 AI score · 0.03411 EPSS
Exploits: 6 · References: 6 · Affected Software: 1

CVE
added 2022/09/06 5:18 p.m. · 85 views

CVE-2022-2461

The Transposh WordPress Translation plugin is affected by CVE-2022-2461. Affected software: Transposh WordPress Translation plugin for WordPress. Vulnerable component: the tp_translation AJAX action, due to insufficient permissions checking. Root cause: unauthenticated users can trigger unauthori...

5.3 CVSS · 6.7 AI score · 0.03411 EPSS
Exploits: 6 · References: 6 · Affected Software: 1

Cvelist
added 2022/09/06 5:18 p.m. · 23 views

CVE-2022-2461 Transposh WordPress Translation <= 1.0.9.6 - Unauthorized Settings Change

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tp_translation' AJAX action and default settings which makes it possib...

5.3 CVSS · 6.1 AI score · 0.03411 EPSS
Exploits: 6 · References: 6

Prion
added 2022/08/01 1:15 p.m. · 12 views

Design/Logic Flaw

The Progressive License WordPress plugin through 1.1.0 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the settings, this could lead to Stored XSS issue...

4.9 CVSS · 5.2 AI score · 0.00256 EPSS
Exploits: 1 · References: 1 · Affected Software: 1

BDU FSTEC
added 2022/06/29 12:0 a.m. · 1 view

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the lack of authentication for critical functions. This allows attackers to disclose internal configuration details of the web interface or alter network settings.

The vulnerability of Siemens SICAM P850 and Siemens SICAM P855 multifunctional measuring devices lies in the lack of authentication for critical functions. Exploiting this vulnerability can allow an attacker to disclose internal configuration details of the web interface or modify network setting...

6.5 CVSS · 6.6 AI score · 0.00606 EPSS
Exploits: 0 · References: 5 · Affected Software: 2

ATTACKERKB
added 2022/06/28 12:54 p.m. · 1 view

CVE-2022-30337

Cross-Site Request Forgery (CSRF) vulnerability in JoomUnited WP Meta SEO plugin = 4.4.8 at WordPress allows an attacker to update the social settings...

5.4 CVSS · 4.9 AI score · 0.00264 EPSS
Exploits: 0 · References: 3 · Affected Software: 1

NVD
added 2020/09/30 4:15 p.m. · 16 views

CVE-2020-12506

Improper Authentication vulnerability in WAGO 750-8XX series with FW version = FW03 allows an attacker to change the settings of the devices by sending specifically constructed requests without authentication. This issue affects: WAGO 750-362, WAGO 750-363, WAGO 750-823, WAGO 750-832/xxx-xxx, WAGO...

9.1 CVSS · 0.01434 EPSS
Exploits: 0 · References: 1