EUVD-2015-9196

Malware in sbrugna...

EUVD-2014-9280

Malware in sbrugna...

CVE-2015-9356

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via addqueryarg and removequeryarg, a different issue than CVE-2014-9460...

WordPress WP-ViperGB plugin <= 1.6.1 - Cross-Site Request Forgery vulnerability

Cross-Site Request Forgery vulnerability discovered by Benedictus Jovan aillesiM in WordPress Plugin WP ViperGB versions = 1.6.1...

CVE-2024-4409

The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...

CVE-2024-4409

CVE-2024-4409 : The WP-ViperGB WordPress plugin (all versions up to 1.6.1) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation when saving settings. This allows unauthenticated attackers to alter plugin settings by tricking an administrator into performing an act...

CVE-2024-4409 WP-ViperGB <= 1.6.1 - Cross-Site Request Forgery

The WP-ViperGB plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin's settings via a...

WordPress plugin WP-ViperGB 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

WordPress WP ViperGB Plugin <= 1.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software WP ViperGB Type Plugin Vulnerable versions = 1.6.1 Fixed in 1.6.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-4409 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce16817d4da2 Credits Benedictus Jovan aillesiM...

PT-2024-30942 · WordPress · Wp-Vipergb

Name of the Vulnerable Software and Affected Versions: WP-ViperGB plugin for WordPress versions up to, and including, 1.6.1 Description: The issue is due to missing or incorrect nonce validation when saving plugin settings, making it possible for unauthenticated attackers to change the plugin's...

WordPress wp-vipergb plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. wp-vipergb is a message board plugin used in it. A cross-site scripting vulnerability exists in the WordPress wp-viper...

CVE-2015-9356

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via addqueryarg and removequeryarg, a different issue than CVE-2014-9460...

Code injection

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via addqueryarg and removequeryarg, a different issue than CVE-2014-9460...

CVE-2015-9356

CVE-2015-9356 concerns the WP-ViperGB WordPress plugin prior to version 1.3.16, where an XSS vulnerability exists via add_query_arg() and remove_query_arg(). The issue is distinct from CVE-2014-9460 and is documented across multiple sources in the connected set, including Red Hat and CVE records....

CVE-2015-9356

The wp-vipergb plugin before 1.3.16 for WordPress has XSS via addqueryarg and removequeryarg, a different issue than CVE-2014-9460...

WP ViperGB < 1.3.16 - XSS

The WP-ViperGB WordPress plugin was affected by a XSS security vulnerability...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that 1 change plugin settings via unspecified vectors or conduct cross-site scripting XSS attacks via th...

CVE-2014-9460

CVE-2014-9460 affects the WordPress WP-ViperGB plugin prior to 1.3.11. Multiple CSRF flaws allow remote attackers to hijack administrator authentication by submitting requests that (1) change plugin settings via unspecified vectors or (2)-(3) trigger XSS via vgb_page or vgb_items_per_pg on wp-adm...

WordPress WP ViperGB Plugin <= 1.3.10 - Multiple CSRF and XSS

Because of these cross site request forgery vulnerabilities, the attackers can hijack the authentication of administrators for requests. In that way they can change plugin settings via unspecified vectors or conduct cross-site scripting attacks. Solution Update the plugin...

WordPress WP-ViperGB 1.3.10 CSRF / XSS

Title: WordPress 'WP-ViperGB' plugin - CSRF/XSS Version: 1.3.10 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2014/12/12 Download: https://wordpress.org/plugins/wp-vipergb/ Notified WordPress: 2014/11/27 ---------------------------------------------------------------- Description:...