WordPress Hummingbird Plugin <= 3.9.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Hummingbird Type Plugin Vulnerable versions = 3.9.1 Fixed in 3.9.2 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-43117 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 6f3eebbe9837 Credits Rafie Muhammad Patchstack...

WordPress Hummingbird Plugin <= 3.7.3 is vulnerable to Broken Access Control

Software Hummingbird Type Plugin Vulnerable versions = 3.7.3 Fixed in 3.7.4 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-32792 Patch priority Low CVSS severity Low 4.3 Developer WPMU DEV PSID 9b701eb20e44 Credits Peng Zhou Required privilege...

WordPress Hummingbird Plugin < 3.3.2 - Stored Cross-Site Scripting Vulnerability

Tittle: WordPress Plugin Hummingbird Configs edit the "Name and Description" and put the following payload in the Name field: Save and Click 'Apply' to trigger the XSS Go to Hummingbird's Settings Configs and Upload the following config "id": 1, "name": "", "description": "Xss", "config":...