CVE-2023-2189 Elementor Addons, Widgets and Enhancements – Stax <= 1.4.3 - Missing Authorization in toggle_widget

The Elementor Addons, Widgets and Enhancements – Stax plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the togglewidget function in versions up to, and including, 1.4.3. This makes it possible for authenticated attackers, with...

Logitech: Privilege Escalation Leads to Control The Owner Access Token Which leads to control the stream [streamlabs.com]

Hi Security team, Summary: I was able as Administrator to change the account owner access token Description: As Administrator i have high privileges but i have some restricted areas F1278364 For example i got invitation from MrX with Administrator role. When i navigated to MrX account as...

Disqus 2.7.5 Cross Site Request Forgery / Cross Site Scripting

Exploit for php platform in category web applications disqus csrf reset -- -- alert1;' / 0day.today 2018-03-09...

WordPress Widget Control Powered Plugin <= 1.0.1 - Cross Site Scripting

This plugin is prone to a cross site scripting vulnerability in wp-admin/admin.php idDropdown parameter. Solution Update the plugin...

WordPress Widget Control 1.0.1 Cross Site Scripting

============================================================== Title ...| XSS in Widget Control Powered By Everyblock Version .| widget-control-powered-by-everyblock.1.0.1 Date ....| 23.02.2014 Found ...| HauntIT Blog Home ....| http://wordpress.org/plugins/...