
6 matches found

Prion
added 2020/12/29 6:15 p.m., 8 views

Cross site request forgery (csrf)

The site-offline plugin before 1.4.4 for WordPress lacks certain wp_create_nonce and wp_verify_nonce calls, aka CSRF...

6.8 CVSS, 8.7 AI score, 0.00135 EPSS
Exploits 1, References 5, Affected Software 1
CVE
added 2020/12/29 5:46 p.m., 34 views

CVE-2020-35773

CVE-2020-35773 concerns the WordPress Site Offline plugin prior to 1.4.4, which lacks several nonce checks (wp_create_nonce/wp_verify_nonce), enabling cross‑site request forgery (CSRF). The documented impact states that a logged‑in administrator could be coerced into changing plugin settings via ...

8.8 CVSS, 8.7 AI score, 0.00135 EPSS
Exploits 1, References 5, Affected Software 1
wpexploit
added 2020/12/15 12:0 a.m., 787 views

Redux Framework < 4.1.21 - CSRF Nonce Validation Bypass

The plugin did not properly validate some nonces, only checking them if their value was set. As a result, CSRF attacks could still be performed by not submitting the nonce in the request, bypassing the protection they are supposed to provide. Just don't send the parameters: $_POST['nonce'] or...

0.7 AI score
Exploits 0, References 4
seebug.org
added 2014/07/01 12:0 a.m., 12 views

WordPress PureHTML plugin <= 1.0.0 - SQL Injection

No description provided by source. Exploit Title: WordPress PureHTML plugin <= 1.0.0 SQL Injection Vulnerability. Date: 2011-08-31. Author: Miroslav Stampar (miroslav.stampar(at)gmail.com, @stamparm). Software Link: http://downloads.wordpress.org/plugin/pure-html.1.0.0.zip. Version: 1.0.0 (tested). Note:...

7.1 AI score
Exploits 0
Exploit DB
added 2011/08/18 12:0 a.m., 18 views

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

Exploit Title: WordPress Allow PHP in Posts and Pages plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if!isset$POST'allowPHPNonce' if !wpverifynonce $POST'allowPHPNonce', pluginbasenameFILE header"location:".$refer; else...

7.4 AI score
Exploits 0
exploitpack
added 2011/08/18 12:0 a.m., 10 views

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection

WordPress Plugin Allow PHP in Posts and Pages 2.0.0.RC1 - SQL Injection Exploit Title: WordPress Allow PHP in Posts and Pages plugin 1,BENCHMARK5000000,MD5CHAR115,113,108,109,97,112,0 --------------- Vulnerable code --------------- if!isset$POST'allowPHPNonce' if !wpverifynonce...

0.4 AI score
Exploits 0