Security
Headlines
HeadlinesLatestCVEs

Tag

#auth

CVE-2023-32587: WordPress WP Reactions Lite plugin <= 1.3.8 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WP Reactions, LLC WP Reactions Lite plugin <= 1.3.8 versions.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
GHSA-jr83-8x65-xcr5: Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

Separate Groups mode restrictions were not honoured in the forum summary report, which would display users from other groups.

GHSA-26fg-v32r-h663: Moodle Exposure of Sensitive Information to an Unauthorized Actor vulnerability

H5P metadata automatically populated the author with the user's username, which could be sensitive information.

CVE-2023-32594: WordPress Hyphenator plugin <= 5.1.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Benedict B., Maciej Gryniuk Hyphenator plugin <= 5.1.5 versions.

CVE-2023-32739: WordPress WP Custom Cursors plugin < 3.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Web_Trendy WP Custom Cursors | WordPress Cursor Plugin plugin < 3.2 versions.

CVE-2023-34024: WordPress WP Full Auto Tags Manager plugin <= 2.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Guillemant David WP Full Auto Tags Manager plugin <= 2.2 versions.