6 matches found
EUVD-2024-16945
Malicious code in bioql PyPI...
CVE-2024-1177
The WP Club Manager – WordPress Sports Club Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.2.10. This makes it possible for unauthenticated attackers to update th...
Design/Logic Flaw
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
CVE-2024-1178 SportsPress – Sports Club & League Manager <= 2.7.17 - Missing Authorization to Unauthenticated Event Permalink Update
The SportsPress – Sports Club & League Manager plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settingssave function in all versions up to, and including, 2.7.17. This makes it possible for unauthenticated attackers to update the...
WP Job Manager < 2.1.0 - Cross-Site Request Forgery
Description The WP Job Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.0. This is due to missing or incorrect nonce validation on the settingssave function. This makes it possible for unauthenticated attackers to save settings via a...