583 matches found
Cross-site request forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions...
CVE-2023-23787 WordPress Premmerce Redirect Manager Plugin <= 1.0.9 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in Premmerce Premmerce Redirect Manager plugin <= 1.0.9 versions...
CVE-2023-28986
CVE-2023-28986 is a CSRF vulnerability in the WordPress plugin Affiliates Manager (wpaffiliatemgr), affected versions ≤ 2.9.20. The issue is publicly documented across multiple sources (Red Hat, NVD, Patchstack, CVE listings) as a Cross-Site Request Forgery flaw that can be triggered without auth...
CVE-2023-28986 WordPress Affiliates Manager Plugin <= 2.9.20 is vulnerable to Cross Site Request Forgery (CSRF)
Cross-Site Request Forgery (CSRF) vulnerability in wp.Insider, wpaffiliatemgr Affiliates Manager plugin <= 2.9.20 versions...
The vulnerability in the Project.get_MissingTypes() function in the ObjectManager plugin of the PLK CODESYS Development System application programming interface allows an attacker to execute any command they desire.
The vulnerability of the Project.getMissingTypes function in the ObjectManager plugin of the PLK CODESYS Development System lies in the deserialization of unreliable data. Exploiting this vulnerability allows an attacker to execute arbitrary commands remotely...
CVE-2020-36745
The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the doupdates function. This makes it possible for unauthenticated attackers to trigger updates via a forged...
CVE-2023-35775
CVE-2023-35775 affects the WordPress WP Backup Manager plugin, where an unauthenticated reflected XSS exists in versions ≤ 1.13.1. Content from multiple sources confirms the vulnerability and the product, with remediation guidance to update to version 1.13.1 or later. Some entries note unpatched ...
CVE-2023-34373
CVE-2023-34373 affects the Zephyr Project Manager WordPress plugin (versions ≤ 3.3.93). The issue is a Cross-Site Request Forgery (CSRF) vulnerability that could allow unauthenticated or authenticated attackers to induce unwanted actions (e.g., data deletion) due to missing CSRF checks. A fix is ...
WordPress Plugin Dylan James Zephyr Project Manager Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin... WordPress Plugin Dylan...
CVE-2023-25963
CVE-2023-25963 affects the WordPress plugin JS Job Manager (versions
CVE-2023-2305
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpdmmembers', 'wpdmloginform', 'wpdmregform' shortcodes in versions up to, and including, 3.2.70 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
WordPress WP Full Auto Tags Manager Plugin <= 2.2 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WP Full Auto Tags Manager; Type: Plugin; Vulnerable versions: <= 2.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-34024; Patch priority: Low; CVSS severity: Low (4.3); PSID: e806b57e2695; Credits: Elliot Requir...
CVE-2023-25460
Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in CodeSolz Easy Ad Manager plugin = 1.0.0 versions...
CVE-2023-23789
CVE-2023-23789 concerns the WordPress plugin Premmerce Redirect Manager. The vulnerability is a Stored XSS that requires admin+ privileges and affects plugin versions up to and including 1.0.9 (per original description). Connected sources also reference a broader vulnerability set in the same pl...
PT-2023-16259 · WordPress · Cloud Manager WordPress Plugin
Name of the Vulnerable Software and Affected Versions: Cloud Manager WordPress plugin versions 1.0 and earlier Description: The issue allows unauthenticated attackers to trick a logged-in admin into triggering an XSS payload by clicking a link, due to the lack of sanitization and escaping of the...
CVE-2023-22718
The CVE-2023-22718 entry describes a Reflected XSS in the WordPress plugin User Meta Manager (versions <= 3.4.9). The underlying issue is insufficient sanitisation/escaping of user-controlled input, leading to reflected payloads in the admin/page context. Affected product/component: WordPress ...
CVE-2022-45836
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in W3 Eden, Inc. Download Manager plugin <= 3.2.59 versions...
CVE-2022-45836
CVE-2022-45836 affects W3 Eden, Inc. Download Manager plugin for WordPress, version 3.2.59 and earlier. The connected PT-Security entry specifies an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability in this plugin, exploitable without authentication. The issue is mitigated by upg...
CVE-2023-23979
Unauth. Stored Cross-Site Scripting (XSS) vulnerability in Fullworks Quick Event Manager plugin = 9.7.4 versions...