CVE-2024-2968

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

EUVD-2024-27909

Malicious code in bioql PyPI...

EUVD-2024-27908

Malicious code in bioql PyPI...

CVE-2024-2969

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVE-2024-2969

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVE-2024-2969 WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVE-2024-2969 WP-Eggdrop <= 0.1 - Cross-Site Request Forgery to Settings Update

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVE-2024-2968 WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting

The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

WordPress WP-Eggdrop Plugin <= 0.1 is vulnerable to Cross Site Scripting (XSS)

Software WP-Eggdrop Type Plugin Vulnerable versions = 0.1 Fixed in N/A OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-2968 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 803cdc78c1d9 Credits Benedictus Jovan Required privile...

WP-Eggdrop <= 0.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The WP-Eggdrop plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

PT-2024-22963 · WordPress · Wp-Eggdrop

Name of the Vulnerable Software and Affected Versions: WP-Eggdrop plugin for WordPress versions up to, and including, 0.1 Description: The issue is related to a Cross-Site Request Forgery vulnerability due to missing or incorrect nonce validation in the wpegg updateOptions function. This allows...