Headline
CVE-2021-36891: WordPress Photo Gallery by Supsystic plugin <= 1.15.5 - Cross-Site Request Forgery (CSRF) leading to Plugin Settings Change - Patchstack
A Cross-Site Request Forgery (CSRF) vulnerability in the Photo Gallery by Supsystic plugin <= 1.15.5 for WordPress allows changing the plugin settings.
Verified
Not fixed
CVSS 3.1 score: 5.4 (Medium severity)
Vulnerable versions
<= 1.15.5
PSID
e788749fb051
Classification
Cross Site Request Forgery (CSRF)
OWASP Top 10
A5: Broken Access Control
Publicly disclosed
2022-06-15
Details
A Cross-Site Request Forgery (CSRF) vulnerability leading to a plugin settings change was discovered by Rasi Afeef (Patchstack Alliance) in the WordPress Photo Gallery by Supsystic plugin (versions <= 1.15.5).
Solution
No patched version available. No reply from the vendor.