12 matches found
CVE-2024-7689
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
QNAP Notes Station 3 Authentication Missing Vulnerability
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...
QNAP Systems Notes Station 安全漏洞
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from a command injection vulnerability, which stems from the application faili...
QNAP Systems Notes Station 安全漏洞
QNAP Notes Station 3 is a private cloud notes software that runs on QNAP NAS devices and supports real-time multi-person collaboration, version control, data encryption and snapshot backup. QNAP Notes Station 3 suffers from an authentication missing vulnerability that stems from the inclusion of ...
CVE-2024-7689
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7689
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7689
Snapshot Backup plugin for WordPress
CVE-2024-7689 Snapshot Backup <= 2.1.1 - Stored XSS via CSRF
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-7689 Snapshot Backup <= 2.1.1 - Stored XSS via CSRF
The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...
WordPress plugin Snapshot Backup 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Snapshot Backup plugin <= 2.1.1 - Stored XSS via CSRF vulnerability
Stored XSS via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin Snapshot Backup versions = 2.1.1...
WordPress Snapshot Backup Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Snapshot Backup Type Plugin Vulnerable versions = 2.1.1 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-7689 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 5c418561fc96 Credits Bob Matyas Required...