
2135 matches found

Positive Technologies · added 2022/08/08 12:00 a.m. · 5 views

PT-2022-13797 · WordPress · Discy

Name of the Vulnerable Software and Affected Versions: Discy WordPress theme versions prior to 5.0
Description: The issue allows any logged-in user, with privileges as low as Subscriber, to change theme options by sending a crafted POST request to the "discy update options" action due to a lack ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00623
Exploits 2 · References 5
OSV · added 2022/06/08 10:15 a.m. · 4 views

CVE-2022-1424

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged-in users into performing various actions on their behalf on the site...

CVSS 6.5 · AI score 5.8
Exploits 0 · References 1
OSV · added 2022/06/08 10:15 a.m. · 2 views

CVE-2022-1241

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 · AI score 5.8 · EPSS 0.00739
Exploits 1 · References 1
ATTACKERKB · added 2022/06/08 10:15 a.m. · 4 views

CVE-2022-1424

The Ask me WordPress theme before 6.8.2 does not perform CSRF checks for any of its AJAX actions, allowing an attacker to trick logged-in users into performing various actions on their behalf on the site...

CVSS 6.5 · AI score 6.6 · EPSS 0.00513
Exploits 1 · References 2
ATTACKERKB · added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1422

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

CVSS 6.5 · AI score 6.4 · EPSS 0.00513
Exploits 2 · References 2
ATTACKERKB · added 2022/06/08 10:15 a.m. · 3 views

CVE-2022-1421

The Discy WordPress theme before 5.2 lacks CSRF checks in some AJAX actions, allowing an attacker to make a logged-in admin change arbitrary 's settings including payment methods via a CSRF attack...

CVSS 4.3 · AI score 5.5 · EPSS 0.01244
Exploits 2 · References 2
ATTACKERKB · added 2022/06/08 10:15 a.m. · 4 views

CVE-2022-1241

The Ask me WordPress theme before 6.8.2 does not properly sanitise and escape several of the fields in the Edit Profile page, leading to Reflected Cross-Site Scripting issues...

CVSS 6.1 · AI score 6.3 · EPSS 0.00739
Exploits 1 · References 2
CNNVD · added 2022/06/08 12:00 a.m. · 3 views

WordPress theme Discy cross-site request forgery vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blogging platform developed in PHP; WordPress plugins are application plugins for it. The WordPress theme Discy, in versions prior to 5.2, contains a cross-site request forgery vulnerability that...

CVSS 4.3 · AI score 5.7 · EPSS 0.01244
Exploits 2 · References 2
Cvelist · added 2022/06/06 8:50 a.m. · 26 views

CVE-2022-1422 Discy < 5.2 - Restore Default Settings via CSRF

The Discy WordPress theme before 5.2 does not check for CSRF tokens in the AJAX action discyresetoptions, allowing an attacker to trick an admin into resetting the site settings back to defaults...

AI score 6.7 · EPSS 0.00513
Exploits 2 · References 1
CVE · added 2022/06/06 8:50 a.m. · 69 views

CVE-2022-1422

CVE-2022-1422 concerns the WordPress theme Discy (versions before 5.2). The exposed issue is a CSRF in the AJAX endpoint discy_reset_options, which attackers can abuse to trick an admin into restoring site settings to defaults. Connected sources (Red Hat, CNVD, CVE lists, PatchStack/WP vuln DB) ...

CVSS 6.5 · AI score 6.4 · EPSS 0.00513
Exploits 2 · References 1 · Affected Software 1
Patchstack · added 2022/05/18 12:00 a.m. · 18 views

WordPress JupiterX premium theme <= 2.0.6 - Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification

Insufficient Access Control leading to Authenticated Arbitrary Plugin Deactivation and Settings Modification, discovered by Ramuel Gall (Wordfence) in WordPress JupiterX premium theme versions <= 2.0.6. Solution: Update the WordPress JupiterX premium theme to the latest available version, at least 2.0....

CVSS 5.5 · AI score 4.1 · EPSS 0.00501
Exploits 0 · References 3 · Affected Software 1
OSV · added 2022/04/04 4:15 p.m. · 2 views

CVE-2022-1170

In the Noo JobMonster WordPress theme before 4.5.2.9 there is an XSS vulnerability, as the input for the search form is provided through unsanitized GET requests...

CVSS 6.1 · AI score 5.8 · EPSS 0.01802
Exploits 1 · References 2
OSV · added 2022/04/04 4:15 p.m. · 2 views

CVE-2022-1167

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp WordPress theme before 2.3.1, via the filter parameters...

CVSS 6.1 · AI score 5.8 · EPSS 0.01081
Exploits 1 · References 3
ATTACKERKB · added 2022/04/04 4:15 p.m. · 3 views

CVE-2022-1167

There are unauthenticated reflected Cross-Site Scripting (XSS) vulnerabilities in the CareerUp WordPress theme before 2.3.1, via the filter parameters...

CVSS 6.1 · AI score 6.3 · EPSS 0.01081
Exploits 1 · References 5
Prion · added 2022/04/04 4:15 p.m. · 20 views

Null pointer dereference

In the Noo JobMonster WordPress theme before 4.5.2.9 there is an XSS vulnerability, as the input for the search form is provided through unsanitized GET requests...

CVSS 4.3 · AI score 6 · EPSS 0.01802
Exploits 1 · References 2 · Affected Software 1
Cvelist · added 2022/04/04 3:36 p.m. · 10 views

CVE-2022-1170 JobMonster < 4.5.2.9 - Unauthenticated Reflected Cross-Site Scripting

In the Noo JobMonster WordPress theme before 4.5.2.9 there is an XSS vulnerability, as the input for the search form is provided through unsanitized GET requests...

AI score 6.2 · EPSS 0.01802
Exploits 1 · References 2
CVE · added 2022/04/04 3:36 p.m. · 91 views

CVE-2022-1170

CVE-2022-1170 affects the Noo JobMonster WordPress theme prior to version 4.5.2.9. The vulnerability is a cross-site scripting (XSS) flaw in the search form input, which is processed via unsanitized GET requests. The Nuclei template summarises the issue and confirms the vulnerable component as th...

CVSS 6.1 · AI score 6.1 · EPSS 0.01802
Exploits 1 · References 2 · Affected Software 1
CNNVD · added 2022/04/04 12:00 a.m. · 2 views

Eyecix Careerfy cross-site scripting vulnerability

Eyecix Careerfy is a WordPress theme from Eyecix Pakistan. A cross-site scripting vulnerability exists in versions of Eyecix Careerfy prior to 3.9.0, which stems from the program's lack of validation and filtering of user-supplied input and output data. An attacker could exploit the vulnerability to execu...

CVSS 6.1 · AI score 5.6 · EPSS 0.00837
Exploits 1 · References 3
OSV · added 2022/02/28 9:15 a.m. · 1 view

CVE-2020-36510

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...

CVSS 6.1 · AI score 6.4 · EPSS 0.02602
Exploits 2 · References 1
Cvelist · added 2022/02/28 9:06 a.m. · 16 views

CVE-2020-36510 15Zine < 3.3.0 - Reflected Cross-Site Scripting

The 15Zine WordPress theme before 3.3.0 does not sanitise and escape the cbi parameter before outputting it back in the response via the cbsa AJAX action, leading to a Reflected Cross-Site Scripting...

AI score 6 · EPSS 0.02602
Exploits 2 · References 1