what you don't know can hurt you

Register | Login

FilesNewsUsersAuthors

Home Files News &[SERVICES_TAB]About Contact Add New

Showing 1 - 2 of 2

Files from Ivan Kuzymchak

WordPress All In One SEO Pack 4.2.9 Cross Site Scripting

Posted Feb 28, 2023

Authored by Ivan Kuzymchak | Site wordfence.com

WordPress All In One SEO Pack plugin versions 4.2.9 and below suffer from multiple persistent cross site scripting vulnerabilities.

tags | advisory, vulnerability, xss

advisories | CVE-2023-0585, CVE-2023-0586

SHA-256 | 74a6135d643e33e4d021ee5ec58f0ee2bd51c430b63b1e5f75fa0e95dc108a92

Download | Favorite | View

WordPress Quick Restaurant 2.0.2 XSS / CSRF / IDOR / Missing Authorization

Posted Feb 2, 2023

Authored by Marco Wotschka, Ivan Kuzymchak | Site wordfence.com

On January 16, 2023, the Wordfence Threat Intelligence team responsibly disclosed several vulnerabilities in Quick Restaurant Menu, a WordPress plugin that allows users to set up restaurant menus on their sites. This plugin is vulnerable to missing authorization, insecure direct object reference, cross site request forgery as well as cross site scripting in versions up to, and including, 2.0.2.

tags | advisory, vulnerability, code execution, xss, file inclusion, csrf

advisories | CVE-2023-0550, CVE-2023-0554, CVE-2023-0555

SHA-256 | e3ba7e7e5a2df6cde42d9ee75f8bec79e5251c694adb11dfae0969e813acffdb

Download | Favorite | View