18 matches found
CVE-2023-29385
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
EUVD-2023-32957
Malicious code in bioql PyPI...
EUVD-2023-32335
Malicious code in bioql PyPI...
EUVD-2023-40466
Malicious code in bioql PyPI...
CVE-2023-36517
Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
CVE-2023-28692
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.3 versions...
CVE-2025-32591
CVE-2025-32591 describes a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin WP Abstracts (Kevon Adonis). Affected: WP Abstracts versions up to 2.7.4 (from n/a). CVSS 3.1 base score 7.1 (HIGH): Network attack vector, Low confidentiality/integrity/availability impact, UI requ...
CVE-2024-12386
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request...
CVE-2024-12386
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request...
CVE-2024-12386
The CVE-2024-12386 entry concerns the WP Abstracts WordPress plugin (prevalent versions up to 2.7.3) and documents a Cross-Site Request Forgery (CSRF) flaw caused by missing nonce validation in multiple functions. Exploitation requires an administrator to perform an action (e.g., click a forged l...
CVE-2024-12386 WP Abstracts <= 2.7.3 - Cross-Site Request Forgery to Arbitrary Account Deletion
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.3. This is due to missing nonce validation on multiple functions. This makes it possible for unauthenticated attackers to delete arbitrary accounts via a forged request...
CVE-2024-12385
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...
CVE-2024-12385 WP Abstracts <= 2.7.2 - Cross-Site Request Forgery to Reflected Cross-Site Scripting
The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...
CVE-2023-28692 WordPress WP Abstracts Plugin <= 2.6.3 is vulnerable to Cross Site Scripting (XSS)
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.3 versions...
CVE-2023-36517
Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
CVE-2023-36517
Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
Cross site request forgery (csrf)
Cross-Site Request Forgery CSRF vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...
CVE-2023-29385 WordPress WP Abstracts Plugin <= 2.6.2 is vulnerable to Cross Site Scripting (XSS)
Unauth. Reflected Cross-Site Scripting XSS vulnerability in Kevon Adonis WP Abstracts plugin = 2.6.2 versions...