Page 8 of 659 results (0.005 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-Site Request Forgery (CSRF) vulnerability in Frédéric GILLES FG PrestaShop to WooCommerce, Frédéric GILLES FG Drupal to WordPress, Frédéric GILLES FG Joomla to WordPress.This issue affects FG PrestaShop to WooCommerce: from n/a through 4.44.3; FG Drupal to WordPress: from n/a through 3.67.0; FG Joomla to WordPress: from n/a through 4.15.0. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Frédéric GILLES FG PrestaShop a WooCommerce, Frédéric GILLES FG Drupal a WordPress, Frédéric GILLES FG Joomla a WordPress. Este problema afecta a FG PrestaShop a WooCommerce: desde n/a hasta 4.44.3; FG Drupal a WordPress: desde n/a hasta 3.67.0; FG Joomla a WordPress: desde n/a hasta 4.15.0. The FG Drupal to WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.67.0. This is due to missing or incorrect nonce validation on the ajax_importer() function. • https://patchstack.com/database/vulnerability/fg-drupal-to-wp/wordpress-fg-drupal-to-wordpress-plugin-3-67-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/fg-joomla-to-wordpress/wordpress-fg-joomla-to-wordpress-plugin-4-15-0-cross-site-request-forgery-csrf-vulnerability?_s_id=cve https://patchstack.com/database/vulnerability/fg-prestashop-to-woocommerce/wordpress-fg-prestashop-to-woocommerce-plugin-4-44-3-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.4EPSS: 0%CPEs: 1EXPL: 0

The WolfNet IDX for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.19.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled. • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 0

The Marketing Twitter Bot plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.11. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update the plugin's settings and inject malicious JavaScripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Missing Authorization vulnerability in MonsterInsights Google Analytics by Monster Insights.This issue affects Google Analytics by Monster Insights: from n/a through 8.21.0. Vulnerabilidad de autorización faltante en MonsterInsights Google Analytics de Monster Insights. Este problema afecta a Google Analytics de Monster Insights: desde n/a hasta 8.21.0. The Google Analytics by Monster Insights plugin for WordPress is vulnerable to unauthorized access due to a missing capability check in versions up to, and including, 8.21.0. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an unauthorized action. • https://patchstack.com/database/vulnerability/google-analytics-for-wordpress/wordpress-monsterinsights-plugin-8-21-0-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

WordPress is an open publishing platform for the Web. Unserialization of instances of the `WP_HTML_Token` class allows for code execution via its `__destruct()` magic method. This issue was fixed in WordPress 6.4.2 on December 6th, 2023. Versions prior to 6.4.0 are not affected. WordPress es una plataforma de publicación abierta para la Web. • https://github.com/Abdurahmon3236/-CVE-2024-31211 https://github.com/WordPress/wordpress-develop/security/advisories/GHSA-m257-q4m5-j653 • CWE-502: Deserialization of Untrusted Data •