Cross-Site Request Forgery (CSRF)
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...
CVE-2020-36746 Menu Swapper <= 1.1.0.2 - Cross-Site Request Forgery Bypass
The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...
CVE-2020-36746
The CVE-2020-36746 entry concerns the Menu Swapper WordPress plugin. A CSRF flaw exists in versions up to 1.1.0.2 due to missing or incorrect nonce validation in the mswp_save_meta() function, enabling unauthenticated attackers to save metadata by crafting requests and tricking an administrator. ...
WordPress Plugin Menu Swapper Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language; it supports personal blog sites on servers running PHP and MySQL. A WordPress plugin is an application plugin for that platform. A cross-site request forgery...
PT-2023-11886 · WordPress · Menu Swapper
Name of the Vulnerable Software and Affected Versions: Menu Swapper plugin for WordPress versions up to, and including, 1.1.0.2. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the mswp_save_meta function. This allows unauthenticated...
SUSE CVE-2010-5328
include/linux/init_task.h in the Linux kernel before 2.6.35 does not prevent signals with a process group ID of zero from reaching the swapper process, which allows local users to cause a denial of service (system crash) by leveraging access to this process group...
A week in security (December 5 - 11)
Last week on Malwarebytes Labs: Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25; Eufy "no cloud" security cameras streaming data to the cloud; Snapchat gives Californians more power over their personal data; Update now! Emergency fix for Google Chrome's V8...
Authorization
mailcow is a mailserver suite. A vulnerability in versions prior to 2022-09 allows an attacker to craft a custom Swagger API template to spoof Authorize links. This could redirect a victim to an attacker-controlled place to steal Swagger authorization credentials or create a phishing page to stea...
GSD-2022-1005700 arm64: set UXN on swapper page tables
arm64: set UXN on swapper page tables This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.60 by commit 775871d4be0d75e219cca937af843a4a1b60489...
PT-2022-33958 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.60 Description: The issue concerns the arm64 architecture, specifically the setting of UXN on swapper page tables. The actual impact and attack plausibility have not yet been proven. Recommendations: For...
GSD-2022-1005384 arm64: set UXN on swapper page tables
arm64: set UXN on swapper page tables This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.19.1 by commit 9283e708a9b8529e7aafac9ab5c5c79a9fab8846...
Swap execution will revert with invalid block.timestamp deadline when leveraging position.
Lines of code. Vulnerability details. Impact: In the code, the swap deadline is hard-coded to block.timestamp, which is easily expired. ISwapper(swapperAddress).swapExactTokensForTokens(borrowAmount, amountCollateralOutMin, path, address(this), ...
Not calling approve(0) before setting a new approval might cause reverts when used with Tether (USDT)
Lines of code. Vulnerability details. Impact: Some tokens do not implement the ERC20 standard properly but are still accepted by most code that accepts ERC20 tokens. For example, Tether (USDT)'s approve function will revert if the current approval is not zero, to protect against front-running changes o...
PT-2025-26156
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The issue concerns the Linux kernel, specifically on arm64 systems that implement FEAT_EPAN. The problem arises because UXN (User eXecute Never) is not set on the swapper page tables,...
[WP-H6] Swapper can be used to steal all the funds from the contract
Lines of code. Vulnerability details: function swapTokensGeneric(LiFiData memory lifiData, LibSwap.SwapData calldata swapData) public payable { uint256 receivingAssetIdBalance = LibAsset.getOwnBalance(lifiData.receivingAssetId); // Swap executeSwaps(lifiData, swapData); uint256 postSwapBalance =...
Swap Functions Do Not Verify Final Token Matches The Swapped Token
Lines of code. Vulnerability details. Impact: When calling Swapper.executeSwaps there are no checks to ensure the received token matches the final swapped token. If these are different, it may result in user funds being locked in the contract. This issue is present in each of the following functions:...
Missing Slippage Protection
Handle: robee. Vulnerability details: Missing slippage protection may lead to losing assets while swapping them. Without slippage protection, the swapper is allowed to give much less worth of target tokens than it should in a fair swap. Missing slippage protection at: no slippage protection at swap ...
WordPress Ad Swapper plugin <= 1.0.3 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting (XSS) vulnerability found by the WPScan security research team in WordPress Ad Swapper plugin versions <= 1.0.3. Solution: Deactivate and delete. This plugin has been closed as of January 14, 2021 and is not available for download. Reason: Security Issue...
WordPress Menu Swapper plugin <= 1.1.0.2 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet (NinTechNet) in WordPress Menu Swapper plugin versions <= 1.1.0.2. Solution: Update the WordPress Menu Swapper plugin to the latest available version (at least 1.1.1)...