Lucene search
+L

370 matches found

osv
osv
added 2025/02/19 8:15 a.m.7 views

CVE-2025-0865

The WP Media Category Management plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.0 to 2.3.3. This is due to missing or incorrect nonce validation on the wpmcmhandleactionsettings function. This makes it possible for unauthenticated attackers to alter plugin settings...

6.5CVSS5.7AI score0.00258EPSS
Exploits0References6
osv
osv
added 2025/02/18 6:15 a.m.3 views

CVE-2024-13315

The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the savesetting function. This makes it possible for unauthenticated...

8.8CVSS5.7AI score0.00227EPSS
Exploits0References3
osv
osv
added 2025/02/18 5:15 a.m.4 views

CVE-2025-0796

The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequalresetdefaults' action. This makes it possible for unauthenticated attackers to reset...

4.3CVSS7.2AI score0.00184EPSS
Exploits0References2
osv
osv
added 2025/02/18 5:15 a.m.7 views

CVE-2024-13684

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...

8.1CVSS7.2AI score0.00207EPSS
Exploits0References2
osv
osv
added 2025/01/30 2:15 p.m.6 views

CVE-2024-13512

The Wonder FontAwesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.8. This is due to missing or incorrect nonce validation on one of its functions. This makes it possible for unauthenticated attackers to update settings and inject...

5.4CVSS5.6AI score0.00134EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2025/01/25 12:0 a.m.7 views

PT-2025-2253 · WordPress · Linear

Name of the Vulnerable Software and Affected Versions: Linear plugin for WordPress versions up to, and including, 2.8.1 Description: The issue is due to missing or incorrect nonce validation on the linear-debug feature, making it possible for unauthenticated attackers to reset the plugin's cache...

4.3CVSS6.9AI score0.00227EPSS
Exploits0References8
osv
osv
added 2025/01/18 7:15 a.m.11 views

CVE-2024-12385

The WP Abstracts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing nonce validation on the wpabstractsloadstatus and wpabstractsdeleteabstracts functions. This makes it possible for unauthenticated attackers to...

6.1CVSS5.7AI score0.00193EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/01/18 12:0 a.m.5 views

PT-2025-1828 · WordPress · Wp Abstracts

Name of the Vulnerable Software and Affected Versions: WP Abstracts plugin for WordPress versions up to, and including, 2.7.2 Description: The issue is due to missing nonce validation on the wpabstracts load status and wpabstracts delete abstracts functions, making it possible for unauthenticated...

6.1CVSS9.3AI score0.00193EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2024/12/25 12:0 a.m.7 views

PT-2024-17683 · WordPress · Wplegalpages

Name of the Vulnerable Software and Affected Versions: WP Legal Pages plugin for WordPress versions up to, and including, 3.2.6 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the create popup delete process function. This allows...

4.3CVSS9.2AI score0.00167EPSS
Exploits0References7
ptsecurity
ptsecurity
added 2024/10/30 12:0 a.m.5 views

PT-2024-39629 · WordPress · Wpglobus Translate Options

Name of the Vulnerable Software and Affected Versions: WPGlobus Translate Options plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is due to missing or incorrect nonce validation on the on translate options page function, making it possible for unauthenticated...

6.1CVSS7.1AI score0.00158EPSS
Exploits0References6
osv
osv
added 2024/10/25 8:15 a.m.7 views

CVE-2024-9598

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.99.1. This is due to missing or incorrect nonce validation on the 'proxy' function. This makes it possible for unauthenticated attackers to send the...

8.8CVSS5.6AI score0.00261EPSS
Exploits0References3
osv
osv
added 2024/10/24 8:15 a.m.6 views

CVE-2024-9943

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...

6.3CVSS5.8AI score0.00192EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2024/10/15 12:0 a.m.12 views

PT-2024-39737 · WordPress · Wp Ulike

Name of the Vulnerable Software and Affected Versions: WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress versions up to, and including, 4.7.4 Description: The issue is a Cross-Site Request Forgery vulnerability due to missing or incorrect nonce validation on the wp ulik...

4.3CVSS6.8AI score0.00207EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/10/12 12:0 a.m.14 views

PT-2024-39836 · WordPress · Imagepress

Name of the Vulnerable Software and Affected Versions: ImagePress – Image Gallery plugin for WordPress versions up to, and including, 1.2.2 Description: The issue is due to missing or incorrect nonce validation on the imagepress admin page function, making it possible for unauthenticated attacker...

4.3CVSS6.5AI score0.00232EPSS
Exploits0References12
ptsecurity
ptsecurity
added 2024/09/23 12:0 a.m.7 views

PT-2024-39259 · WordPress · Ba Book Everything

Name of the Vulnerable Software and Affected Versions: BA Book Everything plugin for WordPress versions up to, and including, 1.6.20 Description: The issue is due to missing or incorrect nonce validation on the my account update function, making it possible for unauthenticated attackers to update...

8.8CVSS7.5AI score0.003EPSS
Exploits0References13
osv
osv
added 2024/09/13 3:15 p.m.4 views

CVE-2024-7423

The Stream plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.1. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary options that...

8.8CVSS5.7AI score0.00311EPSS
Exploits0References3
osv
osv
added 2024/09/10 10:15 a.m.6 views

CVE-2023-2919

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

4.3CVSS5.6AI score0.00207EPSS
Exploits0References3
osv
osv
added 2024/08/30 8:15 a.m.6 views

CVE-2024-8319

The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction,...

4.3CVSS5.6AI score0.00174EPSS
Exploits0References2
ptsecurity
ptsecurity
added 2024/08/17 12:0 a.m.8 views

PT-2024-12465 · WordPress · The Bricks

Name of the Vulnerable Software and Affected Versions: The Bricks theme for WordPress versions up to, and including, 1.8.1 Description: The issue is due to missing or incorrect nonce validation on the save settings function, making it possible for unauthenticated attackers to modify the theme's...

4.3CVSS7.3AI score0.00227EPSS
Exploits0References8
ptsecurity
ptsecurity
added 2024/08/15 12:0 a.m.9 views

PT-2024-38391 · WordPress · Download Plugins/Themes In Zip From Dashboard

Name of the Vulnerable Software and Affected Versions: Download Plugins and Themes in ZIP from Dashboard plugin for WordPress versions prior to 1.8.8 Description: The issue is due to missing or incorrect nonce validation on the download theme function, making it possible for unauthenticated...

4.2CVSS6.9AI score0.00161EPSS
Exploits0References8
Rows per page
Query Builder