Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-1086

The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE
#csrf#wordpress
CVE-2023-0336

The OoohBoi Steroids for Elementor WordPress plugin before 2.1.5 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber to delete attachment.

CVE-2023-0500

The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0501

The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0502

The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.

WebTareas 2.4 Cross Site Scripting

WebTareas version 2.4 suffers from multiple cross site scripting vulnerabilities.

CVE-2022-30705: WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.

GHSA-wxmq-v9gx-75pg: Moodle vulnerable to Cross-site Request Forgery

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-1612: SQL injection vulnerability exists in the /files/list-file interface of the rebuild system · Issue #598 · getrebuild/rebuild

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.