#wordpress

Microsoft Releases Updates to Patch Critical Flaws in Windows and Other Software

Microsoft has rolled out fixes for its Windows operating system and other software components to remediate major security shortcomings as part of Patch Tuesday updates for June 2023. Of the 73 flaws, six are rated Critical, 63 are rated Important, two are rated Moderated, and one is rated Low in severity. This also includes three issues the tech giant addressed in its Chromium-based Edge browser

CVE-2023-3200: mstore-api.php in mstore-api/trunk – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_message function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

2 years ago

CVE

Open in Source

#sql #web #js #git #wordpress #php #auth

CVE-2023-3201: Changeset 2925048 for mstore-api – WordPress Plugin Repository

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_new_order_title function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

2 years ago

CVE

Open in Source

#sql #js #git #wordpress #php #auth

CVE-2023-3203: MStore API <= 3.9.6 - Cross-Site Request Forgery to Product Limit Update — Wordfence Intelligence

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

2 years ago

CVE

Open in Source

#vulnerability #wordpress #intel #perl #auth

CVE-2023-3198: MStore API <= 3.9.6 - Cross-Site Request Forgery to Order Status Update — Wordfence Intelligence

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_message function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

2 years ago

CVE

Open in Source

#vulnerability #wordpress #intel #perl #auth

CVE-2023-27624: WordPress Redirect After Login plugin <= 0.1.9 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Marcelotorres Redirect After Login plugin <= 0.1.9 versions.

2 years ago

CVE

Open in Source

#xss #vulnerability #web #wordpress #auth

CVE-2023-25978: WordPress Protected Posts Logout Button plugin <= 1.4.5 - Cross Site Scripting (XSS) vulnerability - Patchstack

Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Nate Reist Protected Posts Logout Button plugin <= 1.4.5 versions.