Vulnerabilities and security researches fora3-portfolio a3-portfolio

Jun 07, 2024

CVE, Research URL: d1b0f784da3ca0f399c542515fda1423816819f0
Home page URL: Security reports for a3 Portfolio
Application: a3 Portfolio
Date: Nov 02, 2022
Research Description: a3 Portfolio [a3-portfolio] < 3.1.1 a3 Lazy Load <= 2.6.0 - Cross-Site Request Forgery to Settings Reset The following plugins for WordPress are vulnerable to Cross-Site Request Forgery: a3 Lazy Load (<= 2.6.0), Contact Us Page – Contact People (<= 3.6.1), a3 Portfolio (<= 3.0.1), Dynamic Product Gallery for WooCommerce (3.0.1), a3 Responsive Slider (<= 2.2.0), Compare Products for WooCommerce (<= 2.8.2), Products Quick View for WooCommerce (<= 2.0.1), Product Sort and Display for WooCommerce (<= 2.2.2), Product Widget Slider for WooCommerce (), WP Email Template (<= 2.6.2). This is due to missing nonce validation on the reset_settings() function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2023-29097
Home page URL: Security reports for a3 Portfolio
Application: a3 Portfolio
Date: Aug 14, 2023
Research Description: Auth. (author+) Stored Cross-Site Scripting (XSS) vulnerability in a3rev Software a3 Portfolio plugin <= 3.1.0 versions.
Affected versions: Min -, max -.
Status: vulnerable