23 matches found
WordPress WP Manager plugin cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A cross-site request forgery vulnerability exists in the WordPress WP Manager plugin, which arises from a web application that does not adequately validate that a request is...
EUVD-2023-3157
Malicious code in bioql PyPI...
CVE-2024-1642
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
CVE-2023-38519
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
CVE-2023-6164
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, wit...
CVE-2016-15041 MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance Plugin <= 3.1.2 - Stored Cross-Site Scripting
The MainWP Dashboard – The Private WordPress Manager for Multiple Website Maintenance plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mwp_setup_purchase_username’ parameter in versions up to, and including, 3.1.2 due to insufficient input sanitization and output escaping...
CVE-2016-15041
Summary: CVE-2016-15041 affects the MainWP Dashboard plugin for WordPress, versions up to and including 3.1.2. It is a stored XSS due to insufficient input sanitization and output escaping in the mwp_setup_purchase_username parameter, exploitable by unauthenticated attackers. Impact (as documente...
CVE-2024-1642
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
CVE-2024-1642
CVE-2024-1642 affects the MainWP Dashboard: WordPress Manager for Multiple Websites Maintenance plugin. The issue is a Cross-Site Request Forgery (CSRF) in the posting_bulk function caused by missing/incorrect nonce validation, allowing unauthenticated attackers to delete arbitrary posts if a sit...
CVE-2024-1642 MainWP Dashboard <= 4.6.0.1 - Cross-Site Request Forgery via posting_bulk
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it possible for...
MainWP Dashboard < 5.0 - Cross-Site Request Forgery via posting_bulk
Description: The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.0.1. This is due to missing or incorrect nonce validation on the 'posting_bulk' function. This makes it...
GHSA-87FG-9X5W-J3RM MainWP Dashboard SQL Command Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
MainWP Dashboard SQL Command Injection vulnerability
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
CVE-2023-38519
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
CVE-2023-38519
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in MainWP MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance. This issue affects MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance: from n/a through 4.4.3.3...
CVE-2023-38519
The CVE-2023-38519 entry corresponds to the MainWP WordPress Dashboard (MainWP Plugin) SQL Injection vulnerability. Affected versions are MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance up to 4.4.3.3. The root cause is improper handling/escaping in SQL queries, enabling an ...
MainWP Dashboard < 4.5.1.3 - Authenticated(Administrator+) CSS Injection
Description: The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated...
CVE-2023-6164
The MainWP Dashboard – WordPress Manager for Multiple Websites Maintenance plugin for WordPress is vulnerable to CSS Injection via the ‘newColor’ parameter in all versions up to, and including, 4.5.1.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, wit...