11 matches found
CVE-2026-35447
NamelessMC is website software for Minecraft servers. In version 2.2.4, the profile page modules/Core/pages/profile.php processes wall post submissions and replies before verifying whether the viewer is authorized to access the profile. This allows any user with the profile.post permission to wri...
CVE-2024-49313
Cross-Site Request Forgery CSRF vulnerability in rudestan VKontakte Wall Post vkontakte-wall-post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through = 2.0...
CVE-2024-49313
CVE-2024-49313 concerns the VKontakte Wall Post WordPress plugin (versions up to 2.0). Public data from RH and Patchstack confirm a CSRF vulnerability that enables Stored XSS, affecting the VKontakte Wall Post plugin as shipped (n/a through 2.0). The CVSSv3.1 base score is 7.1 (High) with impact ...
CVE-2024-49313 WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross-Site Request Forgery CSRF vulnerability in rudestan VKontakte Wall Post vkontakte-wall-post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through = 2.0...
WordPress plugin VKontakte Wall Post 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress VKontakte Wall Post plugin <= 2.0 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by SOPROBRO Patchstack Alliance in WordPress Plugin VKontakte Wall Post versions = 2.0...
WordPress VKontakte Wall Post Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software VKontakte Wall Post Type Plugin Vulnerable versions = 2.0 Fixed in N/A OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-49313 Patch priority Low CVSS severity Low 7.1 Developer Claim ownership PSID 8218336b0b7e Credits SOPROBRO Required...
Automated posting on Vkontakte public pages using VK API and Python
Vk.com Vkontakte is the most popular social network Russia and Ex-USSR with 430+ million users. Originally it was a Facebook clone. But now, after 10 years of development, these two services are quite different from each other. Traditional advantages of vk.com - huge amount of free music and vide...
Chamilo LMS Insecure Direct Object Reference
Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Release Date: ============= 2016-02-15 Vulnerability...
Chamilo LMS IDOR - messageId Delete POST Injection
Chamilo LMS IDOR - messageId Delete POST Injection Document Title: =============== Chamilo LMS IDOR - messageId Delete POST Inject Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1720 Video: https://www.youtube.com/watch?v=3ApPhUIk12Y Relea...
New Facebook Scam : WTF I can't believe you're in this video !
New Facebook Scam : WTF I can't believe you're in this video ! If you happen to get a new wall post from your friend saying "WTF I can't believe you're in this vid" or "ROFL i cant believe youre tagged in this video" Its a new scam spreading on Facebook. Don't open or click on this link else it...