Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-24626: wp-plugin : chameleon-css | Code Vigilant : to err is human.. To fix is Humanity

The Chameleon CSS WordPress plugin through 1.2 does not have any CSRF and capability checks in all its AJAX calls, allowing any authenticated user, such as subscriber to call them and perform unauthorised actions. One of AJAX call, remove_css, also does not sanitise or escape the css_id POST parameter before using it in a SQL statement, leading to a SQL Injection

CVE
#sql#csrf

Related news

CVE-2021-24625: wp-plugin : catalog | Code Vigilant : to err is human.. To fix is Humanity

The SpiderCatalog WordPress plugin through 1.7.3 does not sanitise or escape the 'parent' and 'ordering' parameters from the admin dashboard before using them in a SQL statement, leading to a SQL injection when adding a category

CVE-2021-24403: wp-plugin : wpagecontact | Code Vigilant : to err is human.. To fix is Humanity

The Orders functionality in the WordPress Page Contact plugin through 1.0 has an order_id parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection. The feature is available to low privilege users such as contributors

CVE-2021-24401: wp-plugin : wp-domain-redirect | Code Vigilant : to err is human.. To fix is Humanity

The Edit domain functionality in the WP Domain Redirect WordPress plugin through 1.0 has an `editid` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

CVE-2021-24399: wp-plugin : the-sorter | Code Vigilant : to err is human.. To fix is Humanity

The check_order function of The Sorter WordPress plugin through 1.0 uses an `area_id` parameter which is not sanitised, escaped or validated before inserting to a SQL statement, leading to SQL injection.

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907