Following the coordinated and responsible vulnerability disclosure guidelines of the **[ISO 29147]()** standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. not ...
Continue ReadingJune 13, 2022
_This post is part seven of GitHub Security Labs [series on the OWASP Top 10 Proactive Controls](), where we provide practical guidance for OSS developers on proactively improving your security post ...
Continue ReadingJune 13, 2022
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged in admin to add, modify or delete banne ...
Continue ReadingJune 13, 2022
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attac ...
Continue ReadingJune 13, 2022
The OnePress Social Locker WordPress plugin through 5.6.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF att ...
Continue ReadingJune 13, 2022
The Webriti SMTP Mail WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attackRead ...
Continue ReadingJune 13, 2022
The Email Users WordPress plugin through 4.8.8 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack and cha ...
Continue ReadingJune 13, 2022
The HC Custom WP-Admin URL WordPress plugin through 1.4 leaks the secret login URL when sending a specific crafted requestRead More ...
Continue ReadingJune 13, 2022
Back to Main