#wordpress

Proof of concept details for Oracle database versions 12.1.0.2, 12.2.0.1, 18c, and 19c that had a PDB isolation vulnerability allowing viewing of metadata for a different database within the same container.

Cross-Site Request Forgery (CSRF) vulnerability in Rextheme WP VR – 360 Panorama and Virtual Tour Builder For WordPress plugin <= 8.2.7 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Madalin Ungureanu, Antohe Cristian Client Portal – Private user pages and login plugin <= 1.1.8 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Plainware Locatoraid Store Locator plugin <= 3.9.11 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Calendar plugin <= 3.3.24.1 versions.

Russia, North Korea, Iran, and China have been caught using fake profiles to gather information. But the platform’s tools to weed them out only go so far.

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Multiple Page Generator Plugin – MPG plugin <= 3.3.9 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Dynamic Keywords Injector plugin <= 2.3.15 versions.

Cross-Site Request Forgery (CSRF) vulnerability in Kesz1 Technologies ipBlockList plugin <= 1.0 versions.

Cross-Site Request Forgery (CSRF) vulnerability in HM Plugin Accept Stripe Donation – AidWP plugin <= 3.1.5 versions.