4 matches found
PT-2025-27842 · WordPress · Rd Contacto
Name of the Vulnerable Software and Affected Versions: RD Contacto plugin for WordPress versions prior to 1.4 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the rdWappUpdateData function. This allows unauthenticated attackers to...
CVE-2017-13905
A race condition was addressed with additional validation. This issue is fixed in tvOS 11.2, iOS 11.2, macOS High Sierra 10.13.2, Security Update 2017-002 Sierra, and Security Update 2017-005 El Capitan, watchOS 4.2. An application may be able to gain elevated privileges...
PT-2023-12524 · WordPress · Wp Prayer
Name of the Vulnerable Software and Affected Versions: WP Prayer plugin for WordPress versions up to, and including, 1.6.5 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save and export functions. This allows unauthenticated...
PT-2023-11885 · WordPress · Wp Project Manager
Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions up to, and including, 2.4.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the do updates function. This allows unauthenticated...