2 matches found
Cross-site request forgery (CSRF)
The WooCommerce Pre-Orders WordPress plugin before 2.0.3 has a flawed CSRF check when canceling pre-orders, which could allow attackers to make logged-in admins cancel arbitrary pre-orders via a CSRF attack...
CVE-2021-25075
CVE-2021-25075 documents a stored cross-site scripting vulnerability in the WordPress plugin Duplicate Page or Post before version 1.5.1. The flaw stems from missing authorization checks and a flawed CSRF validation in the AJAX action wpdevart_duplicate_post_parametrs_save_in_db, allowing any aut...