Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

WordPress Slider Revolution 3.0.8 Directory Traversal

WordPress Slider Revolution plugin version 3.0.8 suffers from a directory traversal vulnerability.

Packet Storm
Open in Source
#sql#xss#csrf#vulnerability#web#ios#mac#windows#apple#google#ubuntu#linux#debian#cisco#java#wordpress#php#perl#auth#ruby#firefox
RHSA-2023:0017: Red Hat Security Advisory: OpenShift Container Platform 4.8.56 packages and security update

Red Hat OpenShift Container Platform release 4.8.56 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-2048: http2-server: Invalid HTTP/2 requests cause DoS * CVE-2022-29047: Pipeline Shared Groovy Libraries: Untrusted users can modify some Pipeline libraries in Pipeline Shared Groovy Librari...

WordPress Royal Elementor 1.3.59 XSS / CSRF / Insufficient Access Controls

WordPress Royal Elementor add-ons versions 1.3.59 and below suffer from cross site request forgery, insufficient access control, cross site scripting vulnerabilities.

Medisense-Healthcare Solutions CRM 2.0 Cross Site Request Forgery

Medisense-Healthcare Solutions CRM version 2.0 suffers from a cross site request forgery vulnerability.

CVE-2022-4700: Eleven Vulnerabilities Patched in Royal Elementor Addons

The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_activate_required_theme' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to activate the 'royal-elementor-kit' theme. If no such theme is installed doing so can also impact site availability as the site attempts to load a nonexistent theme.

Tiki Wiki CMS Groupware 24.1 tikiimporter_blog_wordpress.php PHP Object Injection

Tiki Wiki CMS Groupware versions 24.1 and below suffer from a PHP object injection vulnerability in tikiimporter_blog_wordpress.php.

Tiki Wiki CMS Groupware 24.0 grid.php PHP Object Injection

Tiki Wiki CMS Groupware versions 24.0 and below suffers from a PHP object injection vulnerability in grid.php.

Tiki Wiki CMS Groupware 25.0 Cross Site Request Forgery

Tiki Wiki CMS Groupware versions 25.0 and below suffer from multiple cross site request forgery vulnerabilities.

CVE-2022-4426

The Mautic Integration for WooCommerce WordPress plugin before 1.0.3 does not have proper CSRF check when updating settings, and does not ensure that the options to be updated belong to the plugin, allowing attackers to make a logged in admin change arbitrary blog options via a CSRF attack.