CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 1CVE-2021-24636 – Print My Blog < 3.4.2 - Plugin Deactivation via CSRF
https://notcve.org/view.php?id=CVE-2021-24636
The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link El plugin Print My Blog de WordPress versiones anteriores a 3.4.2, no aplica las comprobaciones de nonce (CSRF), lo que permite a atacantes hacer que los administradores que han iniciado sesión desactiven el plugin Print My Blog y eliminen todos los datos guardados para ese plugin al engañarlos para que abran un enlace malicioso The Print My Blog WordPress Plugin before 3.4.2 does not enforce nonce (CSRF) checks, which allows attackers to make logged in administrators deactivate the Print My Blog plugin and delete all saved data for that plugin by tricking them to open a malicious link. • https://wpscan.com/vulnerability/db8ace7b-7a44-4620-9fe8-ddf0ad520f5e • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2019-11565 – Print My Blog <= 1.6.6 - Server-Side Request Forgery
https://notcve.org/view.php?id=CVE-2019-11565
Server Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. El plugin Print My Blog, versiones anteriores a 1.6.7, para WordPress, puede sufrir un ataque Server Side Request Forgery (SSRF) a través del parámetro site. Server-Side Request Forgery (SSRF) exists in the Print My Blog plugin before 1.6.7 for WordPress via the site parameter. • http://dumpco.re/bugs/wp-plugin-print-my-blog-ssrf https://github.com/mnelson4/printmyblog/commit/8584a2839a541eb29fca64252e388c827af3ec21 https://plugins.trac.wordpress.org/changeset?old_path=%2Fprint-my-blog%2Ftrunk&old=2075667&new_path=%2Fprint-my-blog%2Ftrunk&new=2075667 https://wordpress.org/plugins/print-my-blog/#developers https://wpvulndb.com/vulnerabilities/9263 • CWE-918: Server-Side Request Forgery (SSRF) •