Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 2:13 a.m.6 views

CVE-2023-3977

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handleinstallation function that is called via the inisevinstallation AJAX aciton in various versions. This makes it possible for...

4.3CVSS6.5AI score0.00512EPSS
Exploits1References1
CVE
CVE
added 2023/07/28 4:37 a.m.48 views

CVE-2023-3977

CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...

4.3CVSS4.7AI score0.00512EPSS
Exploits1References23Affected Software10
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.13 views

WordPress Clone Plugin <= 2.3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Clone Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96ed031b1483 Credits Wordfence Required privilege...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.9 views

WordPress SSL Mixed Content Fix Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f6d84c36e0ce Credits WordFence...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.9 views

WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 291847e2c77a Credits WordFence...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.14 views

WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecda45839866 Credits WordFence...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.15 views

WordPress Backup Migration Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software Backup Migration Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce79e63ce100 Credits Wordfence Required...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.11 views

WordPress RSS Redirect & Feedburner Alternative Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software RSS Redirect & Feedburner Alternative Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b0595f356de3 Credits...

4.3CVSS4.3AI score0.00512EPSS
Exploits1References4Affected Software1
Patchstack
Patchstack
added 2023/07/28 12:0 a.m.8 views

WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5a0c6d86535e Credits WordFence...

4.3CVSS4.4AI score0.00512EPSS
Exploits1References4Affected Software1
Rows per page
Query Builder