WordPress wpCentral <1.5.1 - Information Disclosure

WordPress wpCentral plugin before 1.5.1 is susceptible to information disclosure. An attacker can access the connection key for WordPress Admin account and thus potentially obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2020-9043 info: name: WordPress...

EUVD-2023-46345

Malicious code in bioql PyPI...

CVE-2023-41854

Cross-Site Request Forgery CSRF vulnerability in Softaculous Ltd. WpCentral plugin = 1.5.7 versions...

CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

CVE-2023-41854

Cross-Site Request Forgery CSRF vulnerability in Softaculous Ltd. WpCentral plugin = 1.5.7 versions...

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Ltd. WpCentral plugin = 1.5.7 versions...

CVE-2023-41854 WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Ltd. WpCentral plugin = 1.5.7 versions...

CVE-2023-41854 WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Softaculous Ltd. WpCentral plugin = 1.5.7 versions...

CVE-2023-41854

CVE-2023-41854 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress wpCentral plugin, affecting versions 1.5.7 and earlier. Public sources consistently state the issue allows unauthenticated CSRF actions against the plugin. Remediation advised by sources is to upgrade to a versio...

PT-2023-28120 · Softaculous · Wpcentral

Name of the Vulnerable Software and Affected Versions: Softaculous Ltd. WpCentral plugin versions = 1.5.7 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...

wpCentral <= 1.5.7 - Settings Update via CSRF

Description The plugin does not have CSRF checks when updating allowed IP addresses and reseting connection key, which could allow attackers to make logged in admins perform such actions via CSRF attacks...

WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software wpCentral Type Plugin Vulnerable versions = 1.5.7 Fixed in N/A OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-41854 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID fd3ebefe9e97 Credits Rio Darmawan Required...

VulnCheck KEV: CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

Design/Logic Flaw

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

CVE-2020-9043

CVE-2020-9043 – WordPress wpCentral

CVE-2020-9043

The wpCentral plugin before 1.5.1 for WordPress allows disclosure of the connection key...

wpCentral < 1.5.1 - Improper Access Control to Privilege Escalation

The flaw allowed anybody to escalate their privileges to those of an administrator, as long as subscriber-level registration was enabled on a given WordPress site with the vulnerable plugin installed. 1. Log in as Subscriber. 2. Scrape the page /wp-admin/index.php for the connection key. i.e. vie...

WordPress wpCentral plugin <= 1.5.0 - Improper Access Control vulnerability leading to Privilege Escalation

Improper Access Control vulnerability leading to Privilege Escalation discovered by WordFence in WordPress wpCentral plugin versions = 1.5.0. Solution Update the WordPress wpCentral plugin to the latest available version at least 1.5.1...