5 matches found

CVE
added 2025/03/05 9:21 a.m. · 52 views

CVE-2025-0954

CVE-2025-0954 affects the WordPress plugin “WP Online Contract”. The vulnerability is a missing capability check in json_import() and json_export() across all versions up to 5.1.4, allowing unauthenticated attackers to import/export the plugin’s settings. Public sources in the provided documents ...

CVSS 6.5 · AI score 7 · EPSS 0.00256
Exploits: 0 · References: 2

NVD
added 2023/07/01 4:15 a.m. · 9 views

CVE-2020-36736

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

CVSS 4.3 · AI score 4.2 · EPSS 0.00141
Exploits: 1 · References: 9

Prion
added 2023/07/01 4:15 a.m. · 10 views

Cross site request forgery (csrf)

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the exportjson, importjson, and statuslogsfile functions. This makes it possibl...

CVSS 4.3 · AI score 4.3 · EPSS 0.00141
Exploits: 1 · References: 9 · Affected Software: 1

CNNVD
added 2023/07/01 12:0 a.m. · 2 views

WordPress Plugin Import / Export Customizer Settings Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

CVSS 4.3 · AI score 5 · EPSS 0.00141
Exploits: 1 · References: 10

Positive Technologies
added 2023/07/01 12:0 a.m. · 1 views

PT-2023-11877 · WordPress · Import / Export Customizer Settings

Name of the Vulnerable Software and Affected Versions: Import / Export Customizer Settings plugin for WordPress versions up to, and including, 1.0.3
Description: The issue is due to missing or incorrect nonce validation on the astra admin errors function, making it possible for unauthenticated...

CVSS 4.3 · AI score 4.4 · EPSS 0.00141
Exploits: 1 · References: 12