Lucene search
K

34 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.9 views

EUVD-2024-46269

Malicious code in bioql PyPI...

5.5CVSS6AI score0.00298EPSS
Exploits0References15
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-54111

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.00206EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/26 3:21 p.m.18 views

CVE-2024-52337 Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method

A log spoofing flaw was found in the Tuned package due to improper sanitization of some API arguments. This flaw allows an attacker to pass a controlled sequence of characters; newlines can be inserted into the log. Instead of the 'evil' the attacker could mimic a valid TuneD log line and trick t...

5.5CVSS6.6AI score0.00298EPSS
Exploits0References16
Vulnrichment
Vulnrichment
added 2024/11/13 2:33 a.m.15 views

CVE-2024-11143 Kognetiks Chatbot for WordPress <= 2.1.8 - Cross-Site Request Forgery to Authenticated (Subscriber+) Assistant Modification

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the updateassistant, addnewassistant, and deleteassistant functions. This makes it possible for...

4.3CVSS6.3AI score0.00243EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/10/24 7:35 a.m.36 views

CVE-2024-9943 MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Cross-Site Request Forgery to Vendor Updates

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php...

6.3CVSS0.00192EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2024/10/12 5:39 a.m.12 views

CVE-2024-9778 ImagePress – Image Gallery <= 1.2.2 - Cross-Site Request Forgery to Plugin Settings Update

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

4.3CVSS6.5AI score0.00232EPSS
Exploits0References7
NVD
NVD
added 2024/08/21 6:15 a.m.39 views

CVE-2024-7647

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

6.1CVSS0.00214EPSS
Exploits0References4
NVD
NVD
added 2024/07/09 8:15 a.m.20 views

CVE-2024-6321

The ScrollTo Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery to Arbitrary File Upload in versions up to, and including, 1.1.1. This is due to missing nonce validation and missing file type validation in the 'optionspage' function. This makes it possible for unauthenticated...

8.8CVSS0.00437EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/06/14 5:39 a.m.31 views

CVE-2024-5551 WP STAGING PRO - Backup Duplicator & Migration <= 5.6.0 - Cross-Site Request Forgery to Limited Local File Inclusion

The WP STAGING Pro WordPress Backup Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.6.0. This is due to missing or incorrect nonce validation on the 'sub' parameter called from the WP STAGING WordPress Backup Plugin - Backup Duplicat...

7.5CVSS0.0028EPSS
Exploits0References3
CVE
CVE
added 2024/05/16 8:31 p.m.67 views

CVE-2024-4204

Bulk Posts Editing For WordPress (Plugin) is vulnerable to Cross-Site Request Forgery in all versions up to 4.2.3 due to missing or incorrect nonce validation on AJAX actions. This could allow unauthenticated attackers to create/duplicate posts, retrieve post content, and modify post taxonomy by ...

4.3CVSS8.9AI score0.00222EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/05/16 8:31 p.m.13 views

CVE-2024-4204 Bulk Posts Editing For WordPress <= 4.2.3 - Cross-Site Request Forgery

The Bulk Posts Editing For WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.3. This is due to missing or incorrect nonce validation on the plugin's AJAX actions.. This makes it possible for unauthenticated attackers to create and...

4.3CVSS6.4AI score0.00222EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/05/09 8:3 p.m.14 views

CVE-2024-4463 Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.6AI score0.00215EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/05/01 12:0 a.m.12 views

Serious Slider <= 1.2.4 - Cross-Site Request Forgery

Description The Serious Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action...

4.3CVSS6.7AI score0.00214EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/03 12:0 a.m.17 views

WOOCS – WooCommerce Currency Switcher < 1.4.1.8 - Cross-Site Request Forgery

Description The WOOCS – WooCommerce Currency Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.1.7. This is due to missing or incorrect nonce validation on the saveetalon function.. This makes it possible for unauthenticated attackers ...

8.8CVSS6.5AI score0.00241EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/02/27 11:15 a.m.17 views

CVE-2024-1912

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update th...

4.3CVSS4.3AI score0.00202EPSS
Exploits0References2
Prion
Prion
added 2024/02/27 11:15 a.m.22 views

Cross site request forgery (csrf)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categori...

4.3CVSS6.7AI score0.00202EPSS
Exploits0References2
WPVulnDB
WPVulnDB
added 2024/01/04 12:0 a.m.18 views

Customize My Account for WooCommerce < 1.8.4 - Cross-Site Request Forgery via restore_my_account_tabs

Description The Customize My Account for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.3. This is due to missing or incorrect nonce validation on the restoremyaccounttabs function. This makes it possible for unauthenticated...

8.8CVSS6.3AI score0.00263EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/28 12:0 a.m.16 views

League Table < 1.14 - Tables Cloning/Update/Deletion via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the view/tables.php file. This makes it possible for unauthenticated attackers to clone, edit, update, and delete tables via a forged request granted they can trick a site...

8.8CVSS8.5AI score0.00269EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.21 views

UserPro < 5.1.1 - Cross-Site Request Forgery to PHP Object Injection

Description The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.0. This is due to missing or incorrect nonce validation on the 'importsettings' function. This makes it possible for unauthenticated attackers to exploit PHP Object...

8.8CVSS7.1AI score0.0027EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/20 7:29 a.m.14 views

CVE-2020-36759 Woody code snippets <= 2.3.9 - Cross-Site Request Forgery Bypass

The Woody code snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.9. This is due to missing or incorrect nonce validation on the runActions function. This makes it possible for unauthenticated attackers to activate and deactivate snippe...

4.3CVSS5.9AI score0.00397EPSS
Exploits1References9
Rows per page
Query Builder