#wordpress

CVE-2022-3282

The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. As a result, attackers could control the file length limit and bypass the limit set by admins in the contact form.

3 years ago

The Import all XML, CSV & TXT WordPress plugin before 6.5.8 does not have authorisation in some places, which could allow any authenticated users to access some of the plugin features if they manage to get the related nonce

3 years ago

The miniOrange Discord Integration WordPress plugin before 2.1.6 does not have authorisation and CSRF in some of its AJAX actions, allowing any logged in users, such as subscriber to call them, and disable the app for example

3 years ago

CVE

Open in Source

#csrf #wordpress #auth

CVE-2022-41623: WordPress ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 - Sensitive Data Exposure vulnerability - Patchstack

Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium plugin <= 1.1.0 on WordPress.

3 years ago

CVE

Open in Source

#vulnerability #wordpress #auth

CVE-2021-36915: Profile Builder – User Profile & User Registration Forms

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs Profile Builder plugin <= 3.6.0 at WordPress allows uploading the JSON file and updating the options. Requires Import and Export add-on.

3 years ago

CVE

Open in Source

#xss #csrf #vulnerability #web #ios #mac #windows #google #js #wordpress #php #perl #auth #chrome #firefox #sap

CVE-2021-36899: Asset CleanUp: Page Speed Booster

Authenticated (admin+) Reflected Cross-Site Scripting (XSS) vulnerability in Gabe Livan's Asset CleanUp: Page Speed Booster plugin <= 1.3.8.4 at WordPress.

3 years ago

CVE

Open in Source

#sql #xss #vulnerability #web #ios #windows #google #apache #redis #js #git #java #wordpress #php #perl #auth #chrome #firefox #sap #ssl

CVE-2021-36913: WordPress Redirection for Contact Form 7 plugin <= 2.4.0 - Unauthenticated Options Change and Content Injection vulnerability - Patchstack

Unauthenticated Options Change and Content Injection vulnerability in Qube One Redirection for Contact Form 7 plugin <= 2.4.0 at WordPress allows attackers to change options and inject scripts into the footer HTML. Requires an additional extension (plugin) AccessiBe.

3 years ago

CVE

Open in Source

#vulnerability #wordpress #auth

CVE-2022-33978: WordPress FontMeister plugin <= 1.08 - Reflected Cross-Site Scripting (XSS) vulnerability - Patchstack

Reflected Cross-Site Scripting (XSS) vulnerability FontMeister plugin <= 1.08 at WordPress.

3 years ago

CVE

Open in Source

#xss #vulnerability #wordpress

Hidden DNS resolver insecurity creates widespread website hijack risk

WordPress installations exposed to spoofed password reset vis cache poisoning threat

3 years ago

PortSwigger

Open in Source

#vulnerability #web #google #cisco #wordpress #pdf

Researchers Warn of New Phishing-as-a-Service Being Used by Cyber Criminals

Cyber criminals are using a previously undocumented phishing-as-a-service (PhaaS) toolkit called Caffeine to effectively scale up their attacks and distribute nefarious payloads. "This platform has an intuitive interface and comes at a relatively low cost while providing a multitude of features and tools to its criminal clients to orchestrate and automate core elements of their phishing

3 years ago

The Hacker News

Open in Source

#web #google #microsoft #git #wordpress #intel #The Hacker News

Tag

#wordpress