PT-2023-5744 · WordPress · Comments Like Dislike
Name of the Vulnerable Software and Affected Versions: Comments Like Dislike plugin for WordPress versions up to, and including, 1.1.9 Description: The issue is related to a missing capability check on the restore settings function, which can be exploited via an AJAX action. This allows...
Contact Form Builder by vcita <= 4.10.2 - Settings Update Via CSRF
The plugin does not protect its settings page against CSRF attacks, allowing an unauthenticated attacker to change the plugin's settings, and on older versions alert1;...
CVE-2023-28651
Cross-site scripting vulnerability exists in CONPROSYS HMI System CHS versions prior to 3.5.3. If a user who can access the affected product with an administrative privilege configures specially crafted settings, an arbitrary script may be executed on the web browser of the other user who is...
PT-2022-21433 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.4.6 Description: The issue is related to Cross-Site Request Forgery (CSRF) in the repository settings. A malicious user can change the settings of a repository by sending a URL to the victim. Recommendations: For...
WP Downgrade < 1.2.3 - Admin+ Stored Cross-Site Scripting
The plugin only performs client-side validation of its "WordPress Target Version" setting and does not sanitise or escape it server-side, allowing high-privilege users such as admins to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. Access the settings of the...
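The three WordPress entries above describe three defects that recur across plugin advisories: an admin-ajax action with no capability check (Comments Like Dislike), a settings update with no nonce and hence open to CSRF (Contact Form Builder by vcita), and a setting stored and echoed without server-side sanitisation or escaping (WP Downgrade). The following is an added example, not code from any of the plugins listed; it uses a hypothetical plugin prefix `ex_`, hypothetical option names and action names, and shows each vulnerable pattern beside its hardened form using the standard WordPress APIs (`check_ajax_referer`, `check_admin_referer`, `current_user_can`, `sanitize_text_field`, `esc_attr`).

```php
<?php
/*
 * Added example (hypothetical plugin "example-settings", prefix ex_), not code
 * from any plugin in the listing. Shows, side by side:
 *   1. an admin-ajax "restore settings" action with no capability check
 *   2. a settings save with no nonce (CSRF-able)
 *   3. a setting stored raw and echoed back unescaped (stored XSS)
 * and the hardened form of each.
 */

// ---- 1. AJAX "restore settings" ------------------------------------------

// Vulnerable: a wp_ajax_* hook only guarantees the caller is logged in, with
// any role. Without a capability check a subscriber can reset the settings,
// and without a nonce any site can trigger it from a logged-in browser.
// (Would be registered with add_action( 'wp_ajax_ex_restore', ... ).)
function ex_restore_settings_vulnerable() {
    delete_option( 'ex_settings' );
    wp_send_json_success();
}

// Hardened: check_ajax_referer() dies with HTTP 403 if the nonce for the
// action 'ex_restore' is missing or invalid; then require the capability.
function ex_restore_settings_hardened() {
    check_ajax_referer( 'ex_restore', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    delete_option( 'ex_settings' );
    wp_send_json_success();
}
add_action( 'wp_ajax_ex_restore', 'ex_restore_settings_hardened' );

// ---- 2./3. Settings form save --------------------------------------------

// Vulnerable: admin_init runs on every admin request, including ones forged
// from another origin. No nonce, no capability check, and the raw POST value
// is stored, so whatever echoes it later is a stored XSS sink.
// (Would be registered with add_action( 'admin_init', ... ).)
function ex_save_settings_vulnerable() {
    if ( isset( $_POST['ex_target_version'] ) ) {
        update_option( 'ex_target_version', $_POST['ex_target_version'] );
    }
}

// Hardened: nonce check bound to this form, capability check, then
// server-side validation of the expected shape before storing.
function ex_save_settings_hardened() {
    if ( ! isset( $_POST['ex_target_version'] ) ) {
        return;
    }
    // Dies with "The link you followed has expired" on a missing/invalid nonce.
    check_admin_referer( 'ex_save_settings', 'ex_nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'forbidden', '', array( 'response' => 403 ) );
    }
    $version = sanitize_text_field( wp_unslash( $_POST['ex_target_version'] ) );
    // Allow-list: a WordPress version string looks like 6.4 or 6.4.2.
    if ( ! preg_match( '/^\d+\.\d+(\.\d+)?$/', $version ) ) {
        return;
    }
    update_option( 'ex_target_version', $version );
}
add_action( 'admin_init', 'ex_save_settings_hardened' );

// The form that pairs with the hardened handler: emit the nonce field and
// escape the stored value on output. Escaping here does not depend on the
// unfiltered_html capability, which is what the WP Downgrade entry is about.
function ex_render_settings_form() {
    $version = get_option( 'ex_target_version', '' );
    echo '<form method="post">';
    wp_nonce_field( 'ex_save_settings', 'ex_nonce' );
    echo '<input name="ex_target_version" value="' . esc_attr( $version ) . '">';
    echo '<button>Save</button></form>';
}
```

Two points worth keeping in mind when triaging advisories like these: a nonce is not an authorization check (a valid nonce can be obtained by any logged-in user who can load the page that prints it), so both the nonce and the `current_user_can` check are needed; and `admin_init` and `wp_ajax_*` handlers fire for every logged-in role, so "admin-only" must be enforced in the handler, not assumed from the menu the page hangs under.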
CVE-2018-1000870
CVE-2018-1000870 affects PHPipam
Scientific-Atlanta, Inc. DPR2320R2 - Multiple CSRF vulnerability
No description provided by source. Exploit Title: DPR2320R2 Scientific-Atlanta, Inc. (A Cisco COMPANY) :: Multiple CSRF vulnerability Author: sajith Category: Hardware/Wireless Router Vendor home page: http://www.cisco.com/web/consumer/support/modemDPR2320.html Software Version: v2.0.2r1262-090417 1...