4 matches found
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stmheaderbuilder page. This makes it possible for unauthenticated attackers to dele...
CVE-2024-12206 Wordpress Header Builder Plugin <= 1.3.8 - Cross-Site Request Forgery to Header Deletion
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing or incorrect nonce validation on the stmheaderbuilder page. This makes it possible for unauthenticated attackers to dele...
CVE-2024-5468
The WordPress Header Builder Plugin – Pearl plugin for WordPress is vulnerable to unauthorized site option deletion due to a missing validation and capability checks on the stmhbdelete function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to...
CVE-2022-38356
Cross-Site Request Forgery CSRF vulnerability in StylemixThemes WordPress Header Builder Plugin – Pearl plugin = 1.3.4 versions...