CVE-2023-4689

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveelements function. This makes it possible for unauthenticated attackers to enable/disable...

WordPress plugin 跨站脚本漏洞

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. cross-site scripting vulnerability exists in versions prior to WordPress plugin Mobile Events Manager 1.4.4. The...

The vulnerability lies in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles import/export operations for the WooCommerce Stock Manager plugin. This plugin is a content management system for WordPress websites. An attacker can exploit this vulnerability to perform a CSRF attack.

The vulnerability in the implementation of the /woocommerce-stock-manager/trunk/admin/views/import-export.php function, which handles plugin imports/exports for the WooCommerce Stock Manager content management system for WordPress, relates to unlimited loading of dangerous files. Exploiting this...