14 matches found
CVE-2026-0942
The Rede Itaú for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in clearOrderLogs(), affecting all versions up to 5.1.2. Unauthenticated attackers could delete Rede Order Logs metadata from WooCommerce orders. A fix exists in...
EUVD-2024-51656
Malicious code in bioql PyPI...
CVE-2023-0385
The Custom 404 Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.7.1. This is due to missing or incorrect nonce validation on the custom404proadmininit function. This makes it possible for unauthenticated attackers to delete logs, via forged...
CVE-2024-8286
The CVE-2024-8286 entry concerns the WordPress plugin webtoffee-gdpr-cookie-consent prior to version 2.6.1, which reportedly lacks CSRF checks in certain bulk actions. Public sources in the connected documents confirm that this could allow an attacker to cause logged-in admins to perform unintend...
WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery
Overview: WordPress Plugin "Activity Log WinterLock" provided by SWIT contains a cross-site request forgery vulnerability (CWE-352). KENJI YOSHIKAWA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: If a user vie...
CVE-2024-12280
The WP Customer Area WordPress plugin through 8.2.4 does not have a CSRF check in place when deleting its logs, which could allow attackers to make a logged-in user delete them via a CSRF attack...
PT-2023-16906 · WordPress · Rapidload Power-Up For Autoptimize
Name of the Vulnerable Software and Affected Versions: RapidLoad Power-Up for Autoptimize plugin for WordPress versions up to, and including, 1.7.1 Description: The issue is related to unauthorized data loss due to a missing capability check on the clear uucss logs function. This allows...
CVE-2021-24766 404 to 301 < 3.0.9 - Logs Deletion via CSRF
The 404 to 301 – Redirect, Log and Notify 404 Errors WordPress plugin before 3.0.9 does not have a CSRF check in place when cleaning the logs, which could allow an attacker to make a logged-in admin delete all of them via a CSRF attack...
404 to 301 < 3.0.9 - Logs Deletion via CSRF
Description: The plugin does not have a CSRF check in place when cleaning the logs, which could allow an attacker to make a logged-in admin delete all of them via a CSRF attack. https://example.com/wp-admin/admin.php?page=jj4t3-logs&action=bulkclean...
WordPress 404 to 301 plugin <= 3.0.8 - Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion
Cross-Site Request Forgery (CSRF) vulnerability leading to Logs Deletion discovered by apple502j in WordPress 404 to 301 plugin versions <= 3.0.8. Solution: Update the WordPress 404 to 301 plugin to the latest available version (at least 3.0.9)...
404 to 301 < 3.0.9 - Logs Deletion via CSRF
Description: The plugin does not have a CSRF check in place when cleaning the logs, which could allow an attacker to make a logged-in admin delete all of them via a CSRF attack. PoC: https://example.com/wp-admin/admin.php?page=jj4t3-logs=bulkclean...
CVE-2019-20071
On Netis DL4323 devices, CSRF exists via form2logaction.cgi to delete all logs...
New Fileless Ransomware with Code Injection Ability Detected in the Wild
It is no secret that hackers and cybercriminals are becoming dramatically more adept, innovative, and stealthy with each passing day. While new forms of cybercrime are on the rise, traditional activities seem to be shifting towards more clandestine techniques that come with limitless attack vecto...
CVE-2015-0895
All In One WP Security & Firewall for WordPress (versions before 3.9.0) is affected by a CSRF vulnerability that can allow an attacker, while a logged-in admin exists, to hijack the administrator’s authentication to delete 404 logs via forged requests. Root cause is CSRF in the plugin; impact inc...