4 matches found
CVE-2022-50955
WordPress Plugin Curtain 1.0.2 contains a cross-site request forgery vulnerability that allows attackers to activate or deactivate site maintenance mode by crafting malicious requests. Attackers can trick authenticated administrators into submitting forged requests to the options-general.php page...
CVE-2022-50955
CVE-2022-50955 affects the WordPress plugin Curtain 1.0.2. The issue is a cross-site request forgery (CSRF) that lets attackers toggle maintenance mode by crafting requests to options-general.php with curtain parameters, bypassing valid nonce validation. Impact is the ability to activate/deactiva...
WordPress Curtain 1.0.2 Cross Site Scripting Vulnerability
Exploit Title: Multiple Stored Cross-Site Scripting vulnerabilities in WordPress curtain plugin 1.0.2 Exploit Author: Hassan Khan Yusufzai - Splint3r7 Vendor Homepage: https://wordpress.org/plugins/curtain/ Version: 1.0.2 Tested on: Firefox Contact me: h at spidersilk.com Description Several...
WordPress Curtain plugin <= 1.0.2 - Stored Cross-Site Scripting (XSS) vulnerability
Stored Cross-Site Scripting XSS vulnerability was discovered by Hassan Khan Yusufzai Splint3r7 in the WordPress Curtain plugin versions = 1.0.2. Solution Deactivate and delete. This plugin has been closed as of April 27, 2022 and is not available for download. This closure is temporary, pending a...