22 matches found
Hubbell Aclara Metrum Cellular Web Interface
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow attackers to manipulate critical device settings and repeatedly disrupt operations, potentially causing a loss of communications to the device. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to...
CVE-2025-11497 Advanced Database Cleaner <= 3.1.6 - Cross-Site Request Forgery to Settings Manipulation
The Advanced Database Cleaner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.6. This is due to missing or incorrect nonce validation on the aDBcprepareelementstoclean function. This makes it possible for unauthenticated attackers to alte...
CVE-2025-50849
CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling stickers through a parameter companyid sent in the request. However, this operation is not properly validated on the server side. An authenticated user can manipulate...
WordPress School Management System – SakolaWP plugin <= 1.0.8 - Cross-Site Request Forgery to Exam Setting Manipulation vulnerability
Cross-Site Request Forgery to Exam Setting Manipulation vulnerability discovered by Dhabaleshwar Das in WordPress Plugin School Management System – SakolaWP versions <= 1.0.8...
CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,...
CVE-2023-5796 CodeAstro POS System Logo setting unrestricted upload
A vulnerability was found in CodeAstro POS System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /setting of the component Logo Handler. The manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been...
TinyMCE Custom Styles < 1.1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup). PoC 1. Go to "Settings" » "TinyMCE Custom Styles"...
CVE-2021-22011
vCenter Server contains an unauthenticated API endpoint vulnerability in vCenter Server Content Library. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to perform unauthenticated VM network setting manipulation...
LiveOptim 1.1.3 - Configuration Setting Manipulation CSRF
The SEO Plugin LiveOptim WordPress plugin was affected by a Configuration Setting Manipulation CSRF security vulnerability...
Twitget 3.3.1 - twitget.php Twitter Setting Manipulation CSRF
The Twitget WordPress plugin was affected by a twitget.php Twitter Setting Manipulation CSRF security vulnerability...
IndiaNIC FAQs Manager 1.0 - FAQ Setting Manipulation CSRF
The faqs-manager WordPress plugin was affected by a FAQ Setting Manipulation CSRF security vulnerability...
SexyBookmarks - Setting Manipulation CSRF
The sexybookmarks WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
IndiaNIC Testimonial 2.2 - Setting Manipulation CSRF
The Testimonial WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Stream Video Player <= 1.4.0 - Setting Manipulation CSRF
The Stream Video Player WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
qTranslate 2.5.34 - Setting Manipulation CSRF
The qtranslate WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
WP Maintenance Mode 1.8.7 - Setting Manipulation CSRF
The WP Maintenance Mode WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
WP-Print 2.51 - Setting Manipulation CSRF
The WP-Print WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
FunCaptcha 0.3.2 - Setting Manipulation CSRF
The funcaptcha WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Top 10 <= 1.9.2 - Setting Manipulation CSRF
The Top 10 – Popular posts plugin for WordPress WordPress plugin was affected by a Setting Manipulation CSRF security vulnerability...
Huawei E5331 MiFi Unauthenticated Access / Setting Manipulation
Huawei E5331 MiFi mobile hotspot version 21.344.11.00.414 suffers from unauthenticated access and setting manipulation vulnerabilities. title: Unauthenticated access & manipulation of settings product: Huawei E5331 MiFi mobil...