Lucene search
+L

102 matches found

Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.11 views

CVE-2023-0505 Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00252EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.13 views

CVE-2023-0499 QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00252EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.8 views

CVE-2023-1089 Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.7AI score0.00267EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.13 views

CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00252EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.11 views

CVE-2023-1088 WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF

The WP Plugin Manager WordPress plugin before 1.1.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00252EPSS
Exploits2References1
Cvelist
Cvelist
added 2023/03/27 3:37 p.m.30 views

CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF

The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

5AI score0.00252EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2023/03/27 3:37 p.m.7 views

CVE-2023-0504 HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.6AI score0.00252EPSS
Exploits2References1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.15 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.4AI score0.00252EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.134 views

HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00281EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.128 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.2AI score0.00252EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.99 views

HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.7AI score0.00307EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.17 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.1AI score0.00252EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.13 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00278EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2023/02/28 12:0 a.m.14 views

Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.1AI score0.00267EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.103 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00337EPSS
Exploits2
wpexploit
wpexploit
added 2023/02/28 12:0 a.m.107 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.6AI score0.00252EPSS
Exploits2
NVD
NVD
added 2023/02/17 3:15 p.m.53 views

CVE-2023-23899

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

4.3CVSS4.8AI score0.00231EPSS
Exploits0References1
Prion
Prion
added 2023/02/17 3:15 p.m.20 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

4.3CVSS4.9AI score0.00231EPSS
Exploits0References1Affected Software1
Wordfence Blog
Wordfence Blog
added 2023/02/09 3:31 p.m.115 views

Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)

In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfences highly...

0.28565EPSS
Exploits52
Rows per page
Query Builder