EUVD-2019-4406

Malware in sbrugna...

WordPress 2by2host Widget Logic Plugin Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. 2by2host Widget Logic plugin is a web widget control plugin used in it. A cross-site request forgery vulnerability exists in the...

CVE-2019-12826

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

CVE-2019-12826

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

Cross site request forgery (csrf)

A Cross-Site-Request-Forgery CSRF vulnerability in widgetlogic.php in the 2by2host Widget Logic plugin before 5.10.2 for WordPress allows remote attackers to execute PHP code via snippets that are attached to widgets and then eval'd to dynamically determine their visibility by crafting a maliciou...

CVE-2019-12826

CVE-2019-12826 affects the WordPress Widget Logic plugin (widget_logic.php) prior to version 5.10.2. The vulnerability is a CSRF that allows remote attackers to inject and execute PHP code by crafting a malicious POST request, leveraging snippets stored in widgets that are eval’d to determine vis...