5 matches found
PT-2022-23353 · Unknown · David Cole Simple Seo
Name of the Vulnerable Software and Affected Versions: David Cole Simple SEO plugin versions prior to 1.8.13 Description: The issue concerns a Missing Authorization and Cross-Site Request Forgery CSRF vulnerability, as well as a Broken Access Control vulnerability. This allows attackers to...
WordPress Simple SEO plugin <= 1.8.12 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability leading to Sitemap Creation/Deletion discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...
WordPress Simple SEO plugin <= 1.8.12 - Broken Access Control vulnerability
Broken Access Control vulnerability leading to Sitemap Deletion/Creation discovered by Mika Patchstack Alliance in WordPress Simple SEO plugin versions = 1.8.12. Solution Update the WordPress Simple SEO plugin to the latest available version at least 1.8.13...
CVE-2014-2675
CVE-2014-2675 concerns the WordPress WP HTML Sitemap plugin (version 1.2) and its file inc/AdminPage.php. The vulnerability is a Cross-Site Request Forgery (CSRF) that allows an attacker to hijack the administrator’s authentication to perform a sensitive action: deleting the sitemap via a request...
CVE-2015-4353
Cross-site request forgery CSRF vulnerability in the Custom Sitemap module for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete sitemaps via unspecified vectors...