9 matches found
CVE-2023-3977
Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handleinstallation function that is called via the inisevinstallation AJAX aciton in various versions. This makes it possible for...
CVE-2023-3977
CVE-2023-3977 describes a Cross‑Site Request Forgery (CSRF) in multiple Inisev WordPress plugins, due to a missing nonce on the handle_installation function invoked by inisev_installation via AJAX. This enables unauthenticated attackers to trigger installation of plugins from a limited list if a ...
WordPress Clone Plugin <= 2.3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Clone Type Plugin Vulnerable versions = 2.3.7 Fixed in 2.3.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 96ed031b1483 Credits Wordfence Required privilege...
WordPress SSL Mixed Content Fix Plugin <= 3.2.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software SSL Mixed Content Fix Type Plugin Vulnerable versions = 3.2.3 Fixed in 3.2.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f6d84c36e0ce Credits WordFence...
WordPress Social Media & Share Icons Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)
Software Social Media & Share Icons Type Plugin Vulnerable versions = 2.8.1 Fixed in 2.8.2 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 291847e2c77a Credits WordFence...
WordPress Ultimate Posts Widget Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Ultimate Posts Widget Type Plugin Vulnerable versions = 2.2.4 Fixed in 2.2.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ecda45839866 Credits WordFence...
WordPress Backup Migration Plugin <= 1.2.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software Backup Migration Type Plugin Vulnerable versions = 1.2.7 Fixed in 1.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID ce79e63ce100 Credits Wordfence Required...
WordPress RSS Redirect & Feedburner Alternative Plugin <= 3.7 is vulnerable to Cross Site Request Forgery (CSRF)
Software RSS Redirect & Feedburner Alternative Type Plugin Vulnerable versions = 3.7 Fixed in 3.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b0595f356de3 Credits...
WordPress Redirect Redirection Plugin <= 1.1.3 is vulnerable to Cross Site Request Forgery (CSRF)
Software Redirect Redirection Type Plugin Vulnerable versions = 1.1.3 Fixed in 1.1.4 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3977 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5a0c6d86535e Credits WordFence...