Cross-site request forgery (CSRF)
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...
CVE-2022-2542
The uContext for Clickbank plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This make...
CVE-2022-2541 uContext for Amazon <= 3.9.1 - Cross-Site Request Forgery to Cross-Site Scripting
The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...
CVE-2022-2518 Stockists Manager for Woocommerce <= 1.0.2.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...
CVE-2022-2432 Ecwid Ecommerce Shopping Cart <= 6.10.23 - Cross-Site Request Forgery to Settings/Options Update
The Ecwid Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.10.23. This is due to missing or incorrect nonce validation on the ecwidupdatepluginparams function. This makes it possible for unauthenticated attackers to updat...
CVE-2022-2233 Banner Cycler <= 1.4 - Cross-Site Request Forgery to Cross-Site Scripting
The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabcadminslidespostback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...
PT-2022-17263 · WordPress · Link Optimizer Lite
Name of the Vulnerable Software and Affected Versions: Link Optimizer Lite plugin for WordPress versions up to, and including 1.4.5 Description: The issue is due to missing nonce validation on the admin page function found in the admin.php file. This allows unauthenticated attackers to modify the...
WordPress plugin Link Optimizer Lite cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
WordPress plugin Banner Cycler cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
PT-2022-17119 · WordPress · Stockists Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: Stockists Manager for Woocommerce plugin for WordPress versions up to, and including, 1.0.2.1 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the stockist settings main function. This allows...
PT-2022-15368 · WordPress · Banner Cycler
Name of the Vulnerable Software and Affected Versions: Banner Cycler plugin for WordPress versions up to and including 1.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce protection on the pabc admin slides postback function in the /admin/admin.php file. This...
PT-2022-17281 · WordPress · Ucontext For Clickbank
Name of the Vulnerable Software and Affected Versions: uContext for Clickbank plugin for WordPress versions up to, and including 3.9.1 Description: The issue is due to missing nonce validation in the /app/sites/ajax/actions/keyword save.php file, which is called via the doAjax function. This allo...
PT-2022-16604 · Ecwid · Ecwid Ecommerce Shopping Cart
Name of the Vulnerable Software and Affected Versions: Ecwid Ecommerce Shopping Cart plugin for WordPress versions up to, and including, 6.10.23 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the ecwid update plugin params function...
PT-2022-17273
Name of the Vulnerable Software and Affected Versions uContext for Amazon plugin for WordPress versions up to, and including 3.9.1 Description The issue is related to Cross-Site Request Forgery to Cross-Site Scripting due to missing nonce validation in the /app/sites/ajax/actions/keyword save.php...
CVE-2022-2555
The Yotpo Reviews for WooCommerce WordPress plugin through 2.0.4 lacks a nonce check when updating its settings, which could allow an attacker to make a logged-in admin change them via a CSRF attack...
CVE-2022-2172
The LinkWorth WordPress plugin before 3.3.4 does not implement nonce checks, which could allow attackers to make a logged-in admin change settings via a CSRF attack...