Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

WordPress Yith WooCommerce Gift Cards Premium 3.19.0 Shell Upload

WordPress Yith WooCommerce Gift Cards Premium plugin versions 3.19.0 and below suffer from a remote shell upload vulnerability.

Packet Storm
#csrf#vulnerability#web#wordpress#intel#php#backdoor#auth
CVE-2022-46491: 🛡️ CSRF Add Background User in nbnbk · Issue #2 · Fanli2012/nbnbk

A Cross-Site Request Forgery (CSRF) vulnerability in the Add Administrator function of the default version of nbnbk allows attackers to arbitrarily add Administrator accounts.

CVE-2020-36625: Fix WebSocket upgrade CSRF vulnerability by 11k · Pull Request #35 · destinygg/chat

** UNSUPPORTED WHEN ASSIGNED ** A vulnerability was found in destiny.gg chat. It has been rated as problematic. This issue affects the function websocket.Upgrader of the file main.go. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is bebd256fc3063111fb4503ca25e005ebf6e73780. It is recommended to apply a patch to fix this issue. The identifier VDB-216521 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

GHSA-85fp-523q-5xwc: rdiffweb vulnerable to Cross-Site Request Forgery

rdiffweb prior to version 2.5.4 is vulnerable to Cross-Site Request Forgery (CSRF).

4images 1.9 Remote Command Execution

4images version 1.9 suffers from a remote command execution vulnerability.

CVE-2022-4646: huntr – Security Bounties for any GitHub repository

Cross-Site Request Forgery (CSRF) in GitHub repository ikus060/rdiffweb prior to 2.5.4.

CVE-2020-36622: Added CSRF prevention · sah-comp/bienlein@d7836a4

A vulnerability was found in sah-comp bienlein and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The name of the patch is d7836a4f2b241e4745ede194f0f6fb47199cab6b. It is recommended to apply a patch to fix this issue. The identifier VDB-216473 was assigned to this vulnerability.

Understanding the 3 Classes of Kubernetes Risk

The first step toward securing Kubernetes environments is understanding the risks they pose and identifying the ways in which those risks can be mitigated.

CVE-2022-4615: Cross Site Scripting (reflected) on fee_sheet_ajax.php in openemr

Cross-site Scripting (XSS) - Reflected in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-4107

The SMSA Shipping for WooCommerce WordPress plugin before 1.0.5 does not have authorisation and proper CSRF checks, as well as does not validate the file to be downloaded, allowing any authenticated users, such as subscriber to download arbitrary file from the server