6 matches found
EUVD-2024-23219
Malicious code in bioql PyPI...
CVE-2024-25917
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in CodeRevolution WP Setup Wizard.This issue affects WP Setup Wizard: from n/a through 1.0.8.1...
CVE-2021-24803
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account a...
CVE-2021-24803 Core Tweaks WP Setup <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via CSRF
The Core Tweaks WP Setup WordPress plugin through 4.1 allows to bulk-set many settings in WordPress, including the admin email, as well as creating a new admin account. There is no CSRF protection in place, allowing an attacker to arbitrary change the admin email or create another admin account a...
CVE-2021-24803
The CVE-2021-24803 entry concerns the WordPress plugin Core Tweaks WP Setup (versions
WordPress Core Tweaks WP Setup plugin <= 4.1 - Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery (CSRF) vulnerability
Arbitrary Admin Account Creation / Admin Email Update via Cross-Site Request Forgery CSRF vulnerability discovered by Francesco Carlucci in WordPress Core Tweaks WP Setup plugin versions = 4.1. Solution Deactivate and delete. This plugin has been closed as of October 7, 2021 and is not available...