Logo
Retour à la veille

CVE-2026-10552

Publié : 24 juin 2026
Modifié : 24 juin 2026
Lien officiel NVD
Score CVSS
4.3
MEDIUM

Description détaillée

The Blue Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 2.0.1. This is due to missing or incorrect nonce validation on the main admin panel (blcap_main_page) and on the Hall of Shame and Log subpages, which accept a 'blcap_action' / 'action' parameter from $_REQUEST and perform destructive operations (plugin uninstall via blcap_uninstall(), log deletion via blcap_delete_logs(), Hall of Shame deletion via blcap_delete_ip_db(), and adding IPs to the banned list via update_option('blcap_settings')) with no wp_verify_nonce(), check_admin_referer(), or check_ajax_referer() calls anywhere in the codebase. This makes it possible for unauthenticated attackers to uninstall the plugin, delete audit logs, remove Hall of Shame entries, and add arbitrary IP addresses to the block list via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Références et Patchs

https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluecaptcha.php#L220https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluecaptcha.php#L221https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluehos.php#L51https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluehos.php#L91https://plugins.trac.wordpress.org/browser/blue-captcha/tags/2.0.1/bluelog.php#L62https://www.wordfence.com/threat-intel/vulnerabilities/id/793072e9-250b-4a2c-819f-aa7e1dc7d4d6?source=cve

Dernières Vulnérabilités

CVE-2026-10745

Improper output neutralization for logs vulnerability in upKeeper Solutions upKeeper Instant Privilege Access on Windows allows Log Injection-Tampering-Forging. This issue affects upKeeper Instant Privilege Access: through 1.6.1.

VOIR DÉTAILS

CVE-2026-7761

The Ultimate Member plugin for WordPress is vulnerable to Account Takeover via Password Reset Link Disclosure in all versions up to and including 2.11.4. This is due to a chain of three logic bugs: (1) an MD5 hash fallback in get_directory_by_hash() that allows any post to be used as a member directory by computing SUBSTRING(MD5(post_id), 11, 5), (2) a strstr() parsing logic flaw in post_data() that allows bypassing WordPress's protected meta key restrictions by placing '_um_' anywhere in the meta key name rather than at the start, and (3) missing field name validation in build_user_card_data() that allows arbitrary field names including 'password_reset_link' to be passed to um_filtered_value(). This makes it possible for authenticated attackers with Contributor-level access and above to create a malicious post via XMLRPC with crafted meta fields, use the MD5 fallback to point the member directory AJAX handler to their post, inject 'password_reset_link' into the tagline_fields configuration, and leak live password reset URLs for all users in the member directory response, including administrators.

VOIR DÉTAILS

CVE-2026-56052

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in FunnelKit Funnel Builder by FunnelKit allows Blind SQL Injection. This issue affects Funnel Builder by FunnelKit: from n/a through 3.15.0.5.

VOIR DÉTAILS