8801 matches found
CVE-2023-1867
CVE-2023-1867 affects the YourChannel WordPress plugin (versions
CVE-2023-1866 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via...
CVE-2023-1866 YourChannel <= 1.2.4 - Cross-Site Request Forgery to Plugin Channel Reset
The YourChannel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on the clearKeys function. This makes it possible for unauthenticated attackers to reset the plugin's channel settings via...
CVE-2023-1866
CVE-2023-1866 concerns the YourChannel WordPress plugin (
PT-2023-17295 · WordPress · Yourchannel
Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is due to missing or incorrect nonce validation on the clearKeys function, making it possible for unauthenticated attackers to reset the plugin's...
PT-2023-15922 · WordPress · Wcfm Marketplace
Name of the Vulnerable Software and Affected Versions: WCFM Marketplace plugin for WordPress versions up to and including 3.4.11 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying shipping method details, modifying products, and deleting arbitrar...
PT-2023-17300 · WordPress · Yourchannel
Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the deleteLang function. This allows unauthenticated attacke...
PT-2023-17296 · WordPress · Yourchannel
Name of the Vulnerable Software and Affected Versions: YourChannel plugin for WordPress versions up to, and including, 1.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save function. This allows unauthenticated attackers to...
PT-2023-15927 · WordPress · Wcfm Membership
Name of the Vulnerable Software and Affected Versions: WCFM Membership plugin for WordPress versions up to, and including, 2.9.10 Description: The issue allows unauthenticated attackers to perform various actions, such as modifying membership details, changing renewal information, controlling...
Comment Reply Notification <= 1.4 - Cross-Site Request Forgery
The plugin does not properly validate requests use nonces, leading to a Cross-Site Request Forgery CSRF vulnerability...
CVE-2023-1330
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...
CVE-2023-1330
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...
CVE-2023-1330 Redirection < 1.1.4 - Redirect Creation via CSRF
The Redirection WordPress plugin before 1.1.4 does not add nonce verification in place when adding the redirect, which could allow attackers to add redirects via a CSRF attack...
CVE-2023-1330
CVE-2023-1330 affects the Redirection WordPress plugin, versions prior to 1.1.4. The root cause is missing nonce verification when adding redirects, enabling a CSRF attack to create redirects. The impact is the potential unauthorized modification of redirects (I/H/CVE)**.
WordPress plugin Redirection 跨站请求伪造漏洞
WordPress and the WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. uninstall is a plugin used to completely uninstall WordPress. relevant is a relevant...
PT-2023-16900 · WordPress · Redirection
Name of the Vulnerable Software and Affected Versions: The Redirection WordPress plugin versions prior to 1.1.4 Description: The issue concerns a lack of nonce verification when adding redirects, which could allow attackers to add redirects via a CSRF attack. Recommendations: For versions prior t...
CVE-2023-1509
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
Cross site request forgery (csrf)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2023-1509 GMAce <= 1.5.2 - Cross-Site Request Forgery to Arbitrary File Modification (Creation/Overwrite/Deletion)
The GMAce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.2. This is due to missing nonce validation on the gmacemanagerserver function called via the wpajaxgmacemanager AJAX action. This makes it possible for unauthenticated attackers to...