The has a CSRF vulnerability that allows the deletion of a post without using a nonce or prompting for confirmation. Zafiyet ile ilgili Genel Bilgi,…

The Evaluate WordPress plugin through 1.0 does not sanitize and escapes some of its settings, which could allow high-privilege users such as admin to perform…

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users…

The My wpdb WordPress plugin before 2.5 is missing CSRF check when running SQL queries, which could allow attacker to make a logged in admin…

The function check_is_login_page() uses headers for the IP check, which can be easily spoofed. Zafiyet ile ilgili Genel Bilgi, Etki ve Çözümleri için Devamını Oku…

The WP User Frontend WordPress plugin before 3.5.29 uses a user supplied argument called urhidden in its registration form, which contains the role for the…

An API Endpoint used by Miele’s “AppWash” MobileApp in all versions was vulnerable to an authorization bypass. A low privileged, remote attacker would have been…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was…