Kategori: NIST-Təhlükəsizlik Zəiflikləri

CVE-2015-20019

The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site…

Devamını oku

CVE-2015-20067

The WP Attachment Export WordPress plugin before 0.2.4 does not have proper access controls, allowing unauthenticated users to download the XML data that holds all…

Devamını oku

CVE-2018-25019

The LearnDash LMS WordPress plugin before 2.5.4 does not have any authorisation and validation of the file to be uploaded in the learndash_assignment_process_init() function, which…

Devamını oku

CVE-2020-36503

The Connections Business Directory WordPress plugin before 9.7 does not validate or sanitise some connections' fields, which could lead to a CSV injection issue Devamını…

Devamını oku

CVE-2020-36505

The Delete All Comments Easily WordPress plugin through 1.3 is lacking Cross-Site Request Forgery (CSRF) checks, which could result in an unauthenticated attacker making a…

Devamını oku