#wordpress

CVE-2022-40692: WordPress Sunshine Photo Cart plugin <= 2.9.13 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WP Sunshine Sunshine Photo Cart plugin <= 2.9.13 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2022-44585: WordPress Homepage PopUp plugin <= 1.2.5 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Magneticlab Sàrl Homepage Pop-up plugin <= 1.2.5 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2022-45067: WordPress Exclusive Addons for Elementor plugin <= 2.6.1 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in DevsCred Exclusive Addons Elementor plugin <= 2.6.1 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2022-45807: WordPress WP Mail Log plugin <= 1.0.1 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) in WPVibes WP Mail Log plugin <= 1.0.1 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2022-46842: WordPress JS Help Desk plugin <= 2.7.1 - Multiple Cross Site Request Forgery (CSRF) Vulnerabilities - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in JS Help Desk plugin <= 2.7.1 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #js #wordpress #auth

CVE-2022-46815: WordPress Conditional Shipping for WooCommerce plugin <= 2.3.1 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 versions.

2 years ago

CVE

Open in Source

#csrf #vulnerability #wordpress #auth

CVE-2023-0253: real-media-library

The Real Media Library: Media Library Folder & File Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via folder names in versions up to, and including, 4.18.28 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers with author-level permissions and above to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

2 years ago

CVE

Open in Source

#xss #web #wordpress #auth

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.

2 years ago

Packet Storm

Open in Source

#xss #csrf #vulnerability #git #wordpress #intel #php #perl #auth

CVE-2022-2546

The All-in-One WP Migration WordPress plugin before 7.63 uses the wrong content type, and does not properly escape the response from the ai1wm_export AJAX action, allowing an attacker to craft a request that when submitted by any visitor will inject arbitrary html or javascript into the response that will be executed in the victims session. Note: This requires knowledge of a static secret key

2 years ago

CVE

Open in Source

#java #wordpress #perl

Content Delivery Network (CDN) FAQs

By Owais Sultan What is a CDN? How can businesses benefit from a CDN? and What to look for in a CDN provider? This is a post from HackRead.com Read the original post: Content Delivery Network (CDN) FAQs

2 years ago

HackRead

Open in Source

#web #ios #amazon #java #wordpress #ssl

Tag

#wordpress