8 matches found
CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation
The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...
WordPress Event Theme <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: Event; Type: Theme; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2024-35711; Patch priority: Low; CVSS severity: Low 6.5; PSID: d5f7b8ac39ab; Credits: stealthcopter; Required privilege: Contributor...
WordPress Novelist Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Novelist; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2024-32093; Patch priority: Low; CVSS severity: Low 5.4; PSID: a2c840335cd8; Credits: Dhabaleshwar Das; Required...
PT-2024-18422 · Unknown · Osuuu Lightpicture
Name of the Vulnerable Software and Affected Versions: osuuu LightPicture versions up to 1.2.2 Description: A critical issue has been found in osuuu LightPicture, affecting the function handle of the file /app/middleware/TokenVerify.php. The manipulation leads to the use of a hard-coded...
WordPress WooCommerce Box Office Plugin <= 1.2.2 is vulnerable to Broken Access Control
Software: WooCommerce Box Office; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A1: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2024-24799; Patch priority: Low; CVSS severity: Low 6.5; PSID: 2e62ee904d23; Credits: Rafie Muhammad...
WordPress BuddyForms Attach Post with Group Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: BuddyForms Attach Post with Group; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: 1.2.3; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; PSID: 9d4312fdd8bd; Credits: Rafie Muhammad...
WordPress LetterPress Plugin <= 1.2.2 is vulnerable to Cross Site Scripting (XSS)
Software: LetterPress; Type: Plugin; Vulnerable versions: <= 1.2.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-27415; Patch priority: Low; CVSS severity: Low 5.9; PSID: 71ef1d80815f; Credits: Pavak Tiwari; Required privile...
@agoric/cosmic-swingset (>=0.10.8 <=0.18.0), @agoric/ertp (>=0.1.4 <=0.4.1) +18 more potentially affected by CVE-2021-23594 via realms-shim (=1.2.2)
realms-shim NPM version =1.2.2 is affected by a known vulnerability. The following packages have a transitive dependency on realms-shim and may be impacted: - @agoric/cosmic-swingset =0.10.8, =0.1.4, =0.0.1, =0.1.1, =0.0.1, =0.0.20, =0.1.0, =2.0.1, =1.0.0, =0.0.1, =0.4.1, =0.0.6, =0.0.1-alpha2,...