Lucene search
K

48 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-44015

Malicious code in bioql PyPI...

6.5CVSS6.4AI score0.00209EPSS
Exploits2References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2022-43260

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00326EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:54 a.m.7 views

CVE-2024-3477

The Popup Box WordPress plugin before 2.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting popups via CSRF attacks...

4.3CVSS6.8AI score0.00277EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 5:42 a.m.8 views

CVE-2023-0503

The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS5.6AI score0.00252EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:58 a.m.7 views

CVE-2023-1087

The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS7.8AI score0.00252EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:55 a.m.6 views

CVE-2023-0504

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS5.6AI score0.00252EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/17 9:0 p.m.8 views

CVE-2024-8286

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...

6.5CVSS6.9AI score0.00182EPSS
Exploits1References1
NVD
NVD
added 2025/05/15 8:15 p.m.6 views

CVE-2024-8286

The webtoffee-gdpr-cookie-consent WordPress plugin before 2.6.1 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting visit logs via CSRF attacks...

6.5CVSS0.00182EPSS
Exploits1References1
OSV
OSV
added 2025/05/15 8:15 p.m.5 views

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

5.4CVSS6AI score
Exploits0References1
CVE
CVE
added 2025/05/15 8:7 p.m.28 views

CVE-2024-8286

The CVE-2024-8286 entry concerns the WordPress plugin webtoffee-gdpr-cookie-consent prior to version 2.6.1, which reportedly lacks CSRF checks in certain bulk actions. Public sources in the connected documents confirm that this could allow an attacker to cause logged-in admins to perform unintend...

6.5CVSS6.5AI score0.00182EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2025/01/27 6:15 a.m.11 views

CVE-2024-12774

The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack...

6.5CVSS0.00218EPSS
Exploits1References1
OSV
OSV
added 2024/09/17 6:15 a.m.4 views

CVE-2024-8093

The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

6.5CVSS5.8AI score0.00178EPSS
Exploits1References1
OSV
OSV
added 2024/09/12 6:15 a.m.3 views

CVE-2024-7861

The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

6.1CVSS5.8AI score0.00177EPSS
Exploits1References1
OSV
OSV
added 2024/09/09 6:15 a.m.5 views

CVE-2024-7689

The Snapshot Backup WordPress plugin through 2.1.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack...

4.3CVSS5.8AI score0.00187EPSS
Exploits1References1
OSV
OSV
added 2024/06/14 6:15 a.m.3 views

CVE-2024-4751

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

4.3CVSS5.8AI score0.00211EPSS
Exploits2References1
CVE
CVE
added 2024/05/02 6:0 a.m.69 views

CVE-2024-3478

The CVE CVE-2024-3478 affects the WordPress plugin Herd Effects. It explains that the plugin, prior to version 5.2.7, lacks CSRF checks in certain bulk actions, enabling a logged-in attacker to coerce an admin into performing unintended actions (e.g., deleting effects) via CSRF attacks. Public so...

6.1CVSS6.7AI score0.00223EPSS
Exploits2References1Affected Software1
CVE
CVE
added 2024/05/02 6:0 a.m.68 views

CVE-2024-3474

CVE-2024-3474 concerns the WordPress plugin Wow Skype Buttons (versions before 4.0.4). The issue is a CSRF vulnerability in certain bulk actions that can let an authenticated, logged-in admin perform unauthorized operations, such as deleting buttons, via crafted requests. Public descriptions in R...

8.8CVSS6.7AI score0.0035EPSS
Exploits2References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/05 12:0 a.m.15 views

ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF

Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack PoC Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns=campaign-delete=...

6.6AI score0.00281EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/11/23 12:0 a.m.17 views

DeepL Pro API translation < 2.4.1.2 - Log Pruning via CSRF

Description The plugin does not have CSRF checks when pruning logs, which could allow attackers to make logged in admins perform such action via a CSRF attack...

8.8CVSS6.8AI score0.00261EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2023/11/17 12:0 a.m.18 views

Thumbnail Slider With Lightbox < 1.0.1 - Arbitrary File Upload via CSRF

Description The plugin does not have CSRF check in the addedit feature, which could allow attackers to make logged in admins upload arbitrary files via a CSRF attack...

9.6CVSS6.9AI score0.00317EPSS
Exploits0Affected Software1
Rows per page
Query Builder