8 matches found
CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites
The lacks CSRF checks allowing a user to invite any user to any group including private groups...
CVE-2024-2232 Himer - Social Questions and Answers < 2.1.3 - CSRF While Sending the Invites
The lacks CSRF checks allowing a user to invite any user to any group including private groups...
CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
The allows any authenticated user to join a private group due to a missing authorization check on a function...
CVE-2024-2231 Himer - Social Questions and Answers < 2.1.1 - Subscriber+ Private Group Joining via IDOR
The allows any authenticated user to join a private group due to a missing authorization check on a function...
CVE-2024-2233 Himer - Social Questions and Answers < 2.1.1 - Multiple CSRF on the Group Section
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. These include declining and accepting group invitations or leaving a group...
Himer - Social Questions and Answers < 2.1.1 - Contributor+ Stored XSS
Description The theme does not sanitise and escape some of its Post settings, which could allow high privilege users such as Contributor to perform Stored Cross-Site Scripting attacks PoC The PoC will be displayed on June 26, 2024, to give users the time to update...
Himer - Social Questions and Answers < 2.1.1 - Bypass Poll Voting Restrictions via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to via a CSRF attack The PoC will be displayed on June 26, 2024, to give users the time to update...
Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
Description The theme does not have CSRF checks in some places, which could allow attackers to make users join private groups via a CSRF attack PoC The PoC will be displayed on June 26, 2024, to give users the time to update...