CVE-2013-7376

Multiple cross-site request forgery CSRF vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by requests that conduct directory traversal attacks via the group parameter to 1 plugin-preferences.php...

CVE-2022-4363

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

CVE-2023-7196

The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-7174

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

CVE-2024-11719

The tarteaucitron-wp WordPress plugin before 0.3.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2022-4363 Wholesale Market <= 2.2.2 - Settings Update via CSRF

The Wholesale Market WordPress plugin before 2.2.2, Wholesale Market for WooCommerce WordPress plugin before 2.0.1 have a flawed CSRF check when updating their settings, which could allow attackers to make a logged in admin update them via a CSRF attack...

CVE-2022-4363

CVE-2022-4363 affects WordPress plugins: Wholesale Market (pre-2.2.2) and Wholesale Market for WooCommerce (pre-2.0.1). A flawed CSRF check when updating settings could allow a logged-in admin to update settings via CSRF. Public details confirm the affected versions and the vulnerability class; n...

PT-2025-21760 · WordPress · Wholesale Market For Woocommerce +1

Name of the Vulnerable Software and Affected Versions: Wholesale Market WordPress plugin versions prior to 2.2.2 Wholesale Market for WooCommerce WordPress plugin versions prior to 2.0.1 Description: The issue is related to a flawed CSRF check when updating settings, which could allow attackers t...

CVE-2024-9450

The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in subscriber change them via a CSRF attack...

CVE-2024-8032

The Smooth Gallery Replacement WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2024-6719

The Offload Videos WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow low privilege users to update them via a CSRF attack...

CVE-2023-7297

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-7174

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2023-7174

The aBitGone CommentSafe WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

CVE-2023-7297 TwitterPosts <= 1.0.2 - Settings Update via CSRF

The TwitterPosts WordPress plugin through 1.0.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-7229 illi Link Party! <= 1.0 - Settings Update via CSRF

The illi Link Party! WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2023-7197 Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

CVE-2023-7197 Marketing Twitter Bot <= 1.11 - Settings Update to Stored XSS via CSRF

The Marketing Twitter Bot WordPress plugin through 1.11 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...