An uncontrolled search path vulnerability in McAfee Consumer Product Removal Tool prior to version 10.4.128 could allow a local attacker to perform a sideloading attack by using a specific file name. This could result in the user gaining elevated permissions and being able to execute arbitrary code as there were insufficient checks on the executable…
The Cross-Linker WordPress plugin through 3.0.1.9 does not have CSRF check in place when creating Cross-Links, which could allow attackers to make a logged in admin perform such action via a CSRF attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The PDF24 Article To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The PDF24 Articles To PDF WordPress plugin through 4.2.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Inline Google Maps WordPress plugin through 5.11 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping Zafiyet ile ilgili Genel Bilgi, Etki…
The Amazon Einzeltitellinks WordPress plugin through 1.3.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping Zafiyet ile ilgili Genel Bilgi, Etki ve…
The WPlite WordPress plugin through 1.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The CaPa Protect WordPress plugin through 0.5.8.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and disable the applied protection. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Newsletter WordPress plugin before 7.4.6 does not escape and sanitise the preheader_text setting, which could allow high privilege users to perform Stored Cross-Site Scripting attacks when the unfilteredhtml is disallowed Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The underConstruction WordPress plugin before 1.20 does not have CSRF check in place when deactivating the construction mode, which could allow attackers to make a logged in admin perform such action via a CSRF attack Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The underConstruction WordPress plugin before 1.21 does not sanitise or escape the “Display a custom page using your own HTML” setting before outputting it, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiletred_html capability is disallowed. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database
The Events Made Easy WordPress plugin before 2.2.81 does not properly sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku Kaynak: National Vulnerability Database