Lucene search
K

4 matches found

NVD
NVD
added 2023/06/03 5:15 a.m.47 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.5CVSS6AI score0.00419EPSS
Exploits2References5
OSV
OSV
added 2023/06/03 5:15 a.m.12 views

CVE-2023-2407

The Event Registration Calendar By vcita plugin, versions up to and including 3.9.1, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.5CVSS6.7AI score0.00419EPSS
Exploits2References4
CVE
CVE
added 2023/06/03 4:35 a.m.49 views

CVE-2023-2407

CVE-2023-2407 is a CSRF flaw in The Event Registration Calendar By vcita plugin (and Online Payments) for WordPress. The root cause is missing nonce validation in the ls_parse_vcita_callback() function, allowing unauthenticated attackers to modify plugin settings and inject malicious JavaScript v...

6.5CVSS6.7AI score0.00419EPSS
Exploits2References5Affected Software2
Vulnrichment
Vulnrichment
added 2023/06/03 4:35 a.m.8 views

CVE-2023-2407 Event Registration Calendar By vcita <= 1.3.1 & Online Payments – Get Paid with PayPal, Square & Stripe <= 3.10.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the lsparsevcitacallback function. This...

6.1CVSS6.7AI score0.00419EPSS
Exploits2References5
Rows per page
Query Builder