1834 matches found
CVE-2024-5033 SULly < 4.3.1 - Admin+ Stored XSS via CSRF
The SULly WordPress plugin before 4.3.1 does not have a CSRF check in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
CVE-2024-5033
The CVE-2024-5033 entry concerns the SULly WordPress plugin prior to version 4.3.1, which lacks CSRF checks and proper sanitization/escaping, enabling an attacker to make a logged-in admin store XSS payloads via a CSRF attack (the admin is the victim, not the attacker). Red Hat and Patchstack entries corroborate the vulnerability description and no...
CVE-2024-3632
CVE-2024-3632 affects the WordPress plugin Smart Image Gallery prior to version 1.0.19. The vulnerability arises from a missing CSRF check when updating plugin settings, enabling an attacker to make a logged-in user who can edit those settings change them via a CSRF attack. Patch information from Patchstack indicates the fix is in 1...
PT-2024-35451 · Unknown · Wp-Affiliate-Platform
Name of the Vulnerable Software and Affected Versions: wp-affiliate-platform versions prior to 6.5.1 Description: The issue concerns a lack of a CSRF check and missing sanitization as well as escaping in certain areas, potentially allowing attackers to execute an XSS payload via a CSRF attack on...
CVE-2024-6024
The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when deleting groups or emails, which could allow attackers to make a logged-in admin remove them via a CSRF attack...
CVE-2024-6023
The CVE-2024-6023 entry documents a CSRF vulnerability in the ContentLock WordPress plugin, affecting versions up to 1.0.3. The issue is that there is no CSRF check when adding emails, which could allow an attacker to make a logged-in admin add an email via a CSRF attack. The connected R...
CVE-2024-6022 ContentLock <= 1.0.3 - Settings Update via CSRF
The ContentLock WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-2235
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make users vote on any polls, including those they don't have access to, via a CSRF attack...
CVE-2024-2235
The CVE-2024-2235 entry concerns the Himer WordPress theme pre-2.1.1 lacking CSRF checks in multiple areas, enabling CSRF-based vote manipulation on polls (including restricted ones). Affected product: Himer WordPress theme
CVE-2024-2040
The connected Patchstack entry confirms a CSRF vulnerability in WordPress theme Himer prior to version 2.1.1, enabling an attacker to cause users to join private groups without authorization. The affected product is the Himer WordPress theme (versions
CVE-2024-2040 Himer - Social Questions and Answers < 2.1.1 - Arbitrary Group Joining via CSRF
The Himer WordPress theme before 2.1.1 does not have CSRF checks in some places, which could allow attackers to make logged-in users join private groups via a CSRF attack...
CVE-2021-45785
TruDesk Help Desk/Ticketing Solution v1.1.11 is vulnerable to a Cross-Site Request Forgery CSRF attack which would allow an attacker to restart the server, causing a DoS attack. The attacker must craft a webpage that would perform a GET request to the /api/v1/admin/restart endpoint, then the vict...
CVE-2024-4475
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear the logs via a CSRF attack...
CVE-2024-4969
CVE-2024-4969 concerns WordPress Widget Bundle plugin (versions
CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check when clearing logs, which could allow attackers to make a logged-in admin clear the logs via a CSRF attack...
CVE-2024-4474
CVE-2024-4474 affects the WordPress plugin WP Logs Book (versions <= 1.0.1). The connected sources confirm a CSRF vulnerability: there is no CSRF check when updating settings, potentially allowing an attacker to make a logged-in admin change the plugin's settings (including disabling logging) via a CSRF attack. The Red Hat/CVE and Patchst...
CVE-2024-4475
The WP Logs Book WordPress plugin (versions <= 1.0.1) contains a CSRF vulnerability in the log-clearing action, allowing an attacker to make a logged-in admin clear the logs with a forged request. PoCs describe an HTML form-based trigger that requires the admin to visit the attacker's page while logged in. Several sources corroborate the is...
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-5155
The Inquiry cart WordPress plugin through 3.4.2 does not have a CSRF check in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack...
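Nearly every entry above is one of two patterns: a settings or action handler that can be reached without a WordPress nonce check (settings update, log clearing, group joining, poll voting via CSRF), and, where the forged request's value is later printed back, missing sanitisation and escaping that turns the same CSRF into stored XSS (SULly, wp-affiliate-platform, Inquiry cart). As an added illustration that is not code from any plugin or theme listed on this page, the PHP below shows a minimal vulnerable settings handler beside its hardened form. The plugin, option, action, nonce and page names are hypothetical; the WordPress functions (`check_admin_referer`, `wp_nonce_field`, `current_user_can`, `sanitize_text_field`, `esc_html`, `esc_attr`) are the real core APIs.

```php
<?php
/**
 * Added example, not code from any of the advisories above.
 * Two handlers for a hypothetical settings page: the first reproduces the
 * pattern the advisories describe (settings update and stored XSS via CSRF),
 * the second is the hardened version. All option/action/nonce/page names and
 * the 'manage_options' capability are assumptions chosen for the example.
 */

// ---- VULNERABLE: no nonce, no capability check, no sanitisation, no escaping.
// A cross-site page that auto-submits a POST to
//   wp-admin/admin-post.php  with  action=vuln_plugin_save&title=<payload>
// while an admin is logged in rewrites the option, and whatever was sent is
// later echoed raw on the settings page (stored XSS). Deliberately not
// registered as a menu page; it is here only to show the anti-pattern.
function vuln_plugin_save_settings() {
    update_option( 'vuln_plugin_title', $_POST['title'] );          // raw input stored
    wp_safe_redirect( admin_url( 'options-general.php?page=vuln-plugin' ) );
    exit;
}
add_action( 'admin_post_vuln_plugin_save', 'vuln_plugin_save_settings' );

function vuln_plugin_settings_page() {
    echo '<h2>' . get_option( 'vuln_plugin_title' ) . '</h2>';       // unescaped sink
}

// ---- HARDENED: capability check, nonce check, sanitise on input, escape on output.
function hardened_plugin_settings_page() {
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    $title = get_option( 'hardened_plugin_title', '' );
    ?>
    <h2><?php echo esc_html( $title ); ?></h2>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <?php wp_nonce_field( 'hardened_plugin_save_settings', 'hardened_plugin_nonce' ); ?>
        <input type="hidden" name="action" value="hardened_plugin_save">
        <input type="text" name="title" value="<?php echo esc_attr( $title ); ?>">
        <?php submit_button(); ?>
    </form>
    <?php
}

function hardened_plugin_save_settings() {
    // Authorisation first: a nonce proves intent, not that this user may do this.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // check_admin_referer() verifies the nonce bound to this user and this action
    // and calls wp_die() on failure, so a forged cross-site POST never reaches
    // update_option(). Despite the name it checks the nonce, not the Referer header.
    check_admin_referer( 'hardened_plugin_save_settings', 'hardened_plugin_nonce' );

    // Sanitise on the way in; escape (esc_html/esc_attr above) on the way out.
    $title = isset( $_POST['title'] )
        ? sanitize_text_field( wp_unslash( $_POST['title'] ) )
        : '';
    update_option( 'hardened_plugin_title', $title );

    wp_safe_redirect( admin_url( 'options-general.php?page=hardened-plugin&updated=1' ) );
    exit;
}
add_action( 'admin_post_hardened_plugin_save', 'hardened_plugin_save_settings' );

add_action( 'admin_menu', function () {
    add_options_page(
        'Hardened Plugin', 'Hardened Plugin', 'manage_options',
        'hardened-plugin', 'hardened_plugin_settings_page'
    );
} );
```

The nonce defeats the CSRF because an attacker's page can cause the victim's browser to send the request but cannot read the per-user nonce that `wp_nonce_field()` embeds in the legitimate form; the same applies to AJAX handlers (`check_ajax_referer()`) and the delete/clear actions several entries above describe, which should also be POST-only rather than reachable by a GET link. The two checks are independent: a capability check without a nonce is exactly the bug these advisories describe, and a nonce without a capability check lets any logged-in user with a valid nonce for the action perform it.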