6 matches found
CVE-2024-12709
The Bulk Me Now! WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-12436
The WP Customer Area WordPress plugin through 8.2.4 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-6136
The wp-cart-for-digital-products WordPress plugin before 8.5.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
CVE-2024-1845
The VikRentCar Car Rental Management System WordPress plugin before 1.3.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery
Overview WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability CWE-352. These vulnerabilities are reported by the following reporters, and JPCERT/CC coordinated with the developer under Information Security Early...
CVE-2023-39446
Thanks to the weaknesses that the web application has at the user management level, an attacker could obtain the information from the headers that is necessary to create specially designed URLs and originate malicious actions when a legitimate user is logged into the web application...