WordPress Plugin Popup Box: Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-5544
The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish unpublish popupbox' function that verifies a self-created nonce rather than one submitted in the request. This...
EUVD-2018-0235
Malware in sbrugna...
CVE-2024-5545
The Motors – Car Dealer, Classifieds & Listing plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the stmeditdeleteusercar function in all versions up to, and including, 1.4.8. This makes it possible for unauthenticated attackers to...
CVE-2024-1231
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...
CVE-2024-1231 CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
The CM Download Manager WordPress plugin before 2.9.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack...
CM Download and File Manager < 2.9.0 - Download Unpublish via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins unpublish downloads via a CSRF attack. PoC: Make an admin open the URL below: https://example.com/cmdownload/unpublish/id/...
CVE-2022-36118
An issue was discovered in Blue Prism Enterprise 6.0 through 7.01. In a misconfigured environment that exposes the Blue Prism Application server, it is possible for an authenticated user to reverse engineer the Blue Prism software and circumvent access controls for the SetProcessAttributes...
GHSA-646X-M363-9RH4 node-opensl is malware
The node-opensl package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security...
Code injection
proxy.js was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm...
Drupal Patterns Module Cross-Site Request Forgery Vulnerability
Drupal is a free, open-source content management system developed in PHP and maintained by the Drupal community. Patterns is one of the modules that builds around bottlenecks by managing and automating site configurations stored in XML or YAML schema. A cross-site request forgery vulnerability...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Patterns module before 7.x-2.2 for Drupal allow remote attackers to hijack the authentication of administrators for requests that (1) restore, (2) publish, or (3) unpublish a pattern via unspecified vectors...
CVE-2012-1631
Cross-site request forgery (CSRF) vulnerability in the Admin:hover module for Drupal allows remote attackers to hijack the authentication of administrators for requests that unpublish all nodes, and possibly other actions, via unspecified vectors...