134 matches found

Vulnrichment
added 2023/03/01 1:11 p.m., 8 views

CVE-2022-40198 WordPress TeraWallet – For WooCommerce Plugin <= 1.3.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change...

CVSS 4.3, AI score 4.7, EPSS 0.00218
Exploits: 0, References: 1

OSV
added 2023/02/28 3:15 p.m., 1 view

CVE-2023-23865

Cross-Site Request Forgery (CSRF) vulnerability in Checkout Plugins Stripe Payments For WooCommerce plugin = 1.4.10 leads to settings change...

CVSS 4.3, AI score 5.8, EPSS 0.00231
Exploits: 0, References: 1

OSV
added 2022/12/07 4:15 a.m., 1 view

CVE-2022-43464

Hidden functionality vulnerability in UDR-JA1604/UDR-JA1608/UDR-JA1616 firmware versions 71x10.1.107112.43A and earlier allows a remote authenticated attacker to execute an arbitrary OS command on the device or alter the device settings...

CVSS 8.8, AI score 6
Exploits: 0, References: 2

Positive Technologies
added 2022/11/08 12:00 a.m., 5 views

PT-2022-18644 · Fatcat Apps · Fatcat Apps Analytics Cat Plugin

Name of the Vulnerable Software and Affected Versions: Fatcat Apps Analytics Cat plugin versions = 1.0.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows changes to plugin settings. Recommendations: For Fatcat Apps Analytics Cat plugin versions = 1.0.9, update...

CVSS 5.4, AI score 4.5, EPSS 0.00258
Exploits: 0, References: 5

Vulnrichment
added 2022/09/21 7:00 p.m., 3 views

CVE-2022-40219 WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change...

CVSS 5.4, AI score 4.9, EPSS 0.00246
Exploits: 0, References: 2

VulnCheck KEV
added 2022/07/25 12:00 a.m., 5 views

VulnCheck KEV: CVE-2022-2461

The Transposh WordPress Translation plugin for WordPress is vulnerable to unauthorized setting changes by unauthenticated users in versions up to, and including, 1.0.9.6. This is due to insufficient permissions checking on the 'tptranslation' AJAX action and default settings which makes it...

CVSS 5.3, AI score 6.8, EPSS 0.03508
Exploits: 6, References: 1

NVD
added 2022/07/18 5:15 p.m., 21 views

CVE-2022-2108

The plugin Wbcom Designs – BuddyPress Group Reviews for WordPress is vulnerable to unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in several functions related to said actions in versions up to, and including, 2.8.3. This makes it...

CVSS 6.5, EPSS 0.00648
Exploits: 0, References: 4

Positive Technologies
added 2022/07/18 12:00 a.m., 2 views

PT-2022-14861 · Wbcom Designs · Buddypress Group Reviews

Name of the Vulnerable Software and Affected Versions: Wbcom Designs – BuddyPress Group Reviews for WordPress versions up to, and including, 2.8.3 Description: The issue allows unauthorized settings changes and review modification due to missing capability checks and improper nonce checks in...

CVSS 6.5, AI score 5.1, EPSS 0.00648
Exploits: 0, References: 7

ATTACKERKB
added 2022/07/11 1:15 p.m., 1 view

CVE-2022-2123

The WP Opt-in WordPress plugin through 1.4.1 is vulnerable to CSRF which allows changed plugin settings and can be used for sending spam emails...

CVSS 4.3, AI score 5.8, EPSS 0.00368
Exploits: 2, References: 2

ATTACKERKB
added 2022/06/27 9:15 a.m., 2 views

CVE-2022-1653

The Social Share Buttons by Supsystic WordPress plugin before 2.2.4 does not perform CSRF checks in its ajax endpoints and admin pages, allowing an attacker to trick any logged in user to manipulate or change the plugin settings, as well as create, delete and rename projects and networks...

CVSS 4.3, AI score 5.8, EPSS 0.00368
Exploits: 2, References: 2

OSV
added 2022/06/27 9:15 a.m., 2 views

CVE-2022-1625

The New User Approve WordPress plugin before 2.4 does not have CSRF check in place when updating its settings and adding invitation codes, which could allow attackers to add invitation codes for bypassing the provided restrictions and to change plugin settings by tricking admin users into visitin...

CVSS 4.3, AI score 5.8, EPSS 0.00328
Exploits: 2, References: 1

CNNVD
added 2022/06/20 12:00 a.m., 2 views

WordPress plugin PDF24 Articles To PDF cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. WordPress plugin is an application plugin. WordPress PDF24 Articles To PDF plugin 4.2.2 and earlier versions have a cross-site request forgery...

CVSS 6.5, AI score 5.5, EPSS 0.00513
Exploits: 2, References: 2

OSV
added 2022/06/13 1:15 p.m., 1 view

CVE-2022-1624

The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVSS 6.5, AI score 5.8, EPSS 0.00513
Exploits: 2, References: 1

CNNVD
added 2022/05/30 12:00 a.m., 3 views

WordPress plugin Change wp-admin login security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The WordPress plugin is an application plugin. WordPress Change wp-admin login plugin version 1.1.0 has a security vulnerability that stems from the...

CVSS 7.5, AI score 5.6, EPSS 0.00578
Exploits: 2, References: 2

CNNVD
added 2022/02/09 12:00 a.m., 2 views

EcoStruxure EV Charging Expert security vulnerability

EcoStruxure EV Charging Expert is an electric vehicle charging infrastructure load management, access management and supervision solution from Schneider-electric, France. A security vulnerability exists in EcoStruxure EV Charging Expert, which stems from CWE-1021 An improper restriction in the...

CVSS 7.4, AI score 7.3, EPSS 0.00924
Exploits: 0, References: 3

OSV
added 2022/02/04 11:15 p.m., 1 view

CVE-2022-22727

A CWE-20: Improper Input Validation vulnerability exists that could allow an unauthenticated attacker to view data, change settings, impact availability of the software, or potentially impact a user's local machine when the user clicks a specially crafted link. Affected Product: EcoStruxure Power...

CVSS 8.8, AI score 7.3
Exploits: 0, References: 1

Positive Technologies
added 2022/01/06 12:00 a.m., 4 views

PT-2022-1813 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The issue is related to insufficient access controls in Microsoft Edge, allowing a remote attacker to elevate privileges in the system. This can enable the execution o...

CVSS 8.3, AI score 9.3, EPSS 0.02543
Exploits: 1, References: 11

OSV
added 2021/10/22 2:15 p.m., 1 view

CVE-2021-42539

The affected product is vulnerable to a missing permission validation on system backup restore, which could lead to account take over and unapproved settings change...

CVSS 8.8, AI score 7.3, EPSS 0.0074
Exploits: 0, References: 1

Positive Technologies
added 2021/10/13 12:00 a.m., 4 views

PT-2021-5074 · Juniper Networks · 128 Technology Session Smart Router

Name of the Vulnerable Software and Affected Versions: Juniper Networks 128 Technology Session Smart Router versions prior to 4.5.11 Juniper Networks 128 Technology Session Smart Router versions 5.0 up to and including 5.0.1 Description: The usage of an internal HTTP header created an...

CVSS 9.8, AI score 9.9, EPSS 0.01666
Exploits: 0, References: 6

CNNVD
added 2021/10/05 12:00 a.m., 3 views

Emerson WirelessHART Gateway access control error vulnerability

The Emerson WirelessHART Gateway is a wireless gateway from Emerson USA. An access control error vulnerability exists in Emerson WirelessHART Gateway that stems from a lack of privilege validation on system backup recovery. An attacker could use this vulnerability to take over an account and chan...

AI score 5.5
Exploits: 0, References: 3