9 matches found
CVE-2025-9635
The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the unbounceoptions function. This makes it possible for unauthenticated attackers to modify Google...
CVE-2025-9635
CVE-2025-9635 affects the Analytics Reduce Bounce Rate plugin for WordPress (versions up to 2.3). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the unbounce_options function, enabling unauthenticated attackers to modify Google Analytics tracking settings...
CVE-2025-9635 Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery
The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the unbounceoptions function. This makes it possible for unauthenticated attackers to modify Google...
CVE-2025-9635 Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery
The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the unbounceoptions function. This makes it possible for unauthenticated attackers to modify Google...
QIWI: Subdomain Takeover on 1c-start.tochka.com pointing to unbouncepages
Actuall this report is same as of this one:- https://hackerone.com/reports/38007 Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on t...
Takeover v0.2 - Sub-Domain TakeOver Vulnerability Scanner
Sub-domain takeover vulnerability occur when a sub-domain subdomain.example.com is pointing to a service e.g: GitHub , AWS/S3 ,.. that has been removed or deleted. This allows an attacker to set up a page on the service that was being used and point their page to that sub-domain. For example, if...
Greenhouse.io: Subdomain Takeover on demo.greenhouse.io pointing to unbouncepages
Actuall this report is same as of this one:- https://hackerone.com/reports/38007 Subdomain takeover vulnerabilities occur when a subdomain subdomain.example.com is pointing to a service e.g. GitHub pages, Heroku, etc. that has been removed or deleted. This allows an attacker to set up a page on t...
HackerOne: Subdomain takeover #2 at info.hacker.one
Summary: Hi team, looking the fix released from unbounce team at https://hackerone.com/reports/202767 i've been able to bypass it and takeover again the subdomain info.hacker.one with a new Vulnerable-Endpoint at UnbouncePages App Actual Dns Entry: F164154 Steps To Reproduce & New PoC for HackerO...
Udemy: Subdomain Takeover at Landing.udemy.com
Target: Landing.udemy.com Details: The target subdomain points to unbounce.com service, via a DNS CNAME record. As a result of this, an attacker could potentially initiate a subdomain takeover by registering the subdomain on unbounce.com. Additionally, Unbounce is a custom 404-page hosting servic...