12 matches found
EUVD-2025-2989
Malicious code in bioql PyPI...
CVE-2025-22779
Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through = 1.0...
CVE-2023-0502
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2025-22779
Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through = 1.0...
CVE-2025-22779 WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through = 1.0...
CVE-2025-22779 WordPress WP News Sliders plugin <= 1.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in codeaffairs WP News Sliders wp-news-sliders allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP News Sliders: from n/a through = 1.0...
WordPress WP News and Scrolling Widgets Plugin <= 4.8 is vulnerable to Broken Access Control
Software WP News and Scrolling Widgets Type Plugin Vulnerable versions = 4.8 Fixed in 4.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-40200 Patch priority Medium CVSS severity Medium 5.3 Developer Claim ownership PSID a844c6c0c8f3 Credits Abdi Pranata...
CVE-2023-0502
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0502
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
Cross site request forgery (csrf)
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0502
The CVE-2023-0502 entry concerns the WordPress WP News plugin (versions up to 1.1.9) lacking CSRF protection when activating plugins. Root cause is missing CSRF validation on the plugin_activation workflow, allowing an authenticated attacker to trigger activation of arbitrary plugins via CSRF. Im...
CVE-2023-0502 WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...