Lucene search
K

105 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:20 p.m.7 views

CVE-2022-2541

The uContext for Amazon plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 3.9.1. This is due to missing nonce validation in the /app/sites/ajax/actions/keywordsave.php file that is called via the doAjax function. This makes i...

8.8CVSS6AI score0.0056EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 9:16 p.m.10 views

CVE-2022-2039

The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupportisettings function found in the /livesupporti.php file. This makes it possible for unauthenticated attacke...

8.8CVSS6.6AI score0.0053EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 3:9 p.m.13 views

CVE-2020-36840

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...

9.8CVSS6.7AI score0.00403EPSS
Exploits0
CVE
CVE
added 2025/02/04 9:21 a.m.49 views

CVE-2024-13510

The CVE-2024-13510 entry covers the WordPress ShopSite plugin (versions up to 1.5.10) vulnerable to Cross-Site Request Forgery, enabling unauthenticated attackers to update settings and inject malicious scripts via forged requests that trick an admin into performing an action. Technical details a...

6.1CVSS6.5AI score0.0015EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/01/25 7:24 a.m.4 views

CVE-2024-12076 Target Video Easy Publish <= 3.8.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Target Video Easy Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the resynccarousel, seeksnapshot, uploadedcc, and removecc functions. This makes it possible for...

6.1CVSS6.6AI score0.00318EPSS
Exploits0References7
NVD
NVD
added 2025/01/21 11:15 a.m.21 views

CVE-2024-13444

The wp-greet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via...

6.1CVSS0.00195EPSS
Exploits0References6
NVD
NVD
added 2025/01/21 10:15 a.m.31 views

CVE-2024-12005

The WP-BibTeX plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the wpbibtexoptionpage function. This makes it possible for unauthenticated attackers to inject malicious web scripts...

6.1CVSS0.00178EPSS
Exploits0References4
CVE
CVE
added 2025/01/07 4:22 a.m.44 views

CVE-2024-12291

CVE-2024-12291 : The ViewMedica 9 WordPress plugin is vulnerable to Cross-Site Request Forgery that leads to a Reflected Cross-Site Scripting condition in all versions up to 1.4.15. The root cause is missing or incorrect nonce validation on a function, enabling unauthenticated attackers to induce...

6.1CVSS7.1AI score0.0019EPSS
Exploits0References3
Cvelist
Cvelist
added 2024/12/21 7:3 a.m.23 views

CVE-2024-11975 Reactflow Visitor Recording and Heatmaps <= 1.0.10 - Reflected Cross-Site Scripting

The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wpnonce' parameter in all versions up to, and including, 1.0.10 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attacke...

6.1CVSS0.00436EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/12/20 6:59 a.m.9 views

CVE-2024-11812 Wtyczka SeoPilot dla WP <= 3.3.091 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Wtyczka SeoPilot dla WP plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.091. This is due to missing or incorrect nonce validation on the SeoPilotAdminOptions function. This makes it possible for unauthenticated attackers to update...

6.1CVSS6.5AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2024/12/17 8:15 a.m.18 views

CVE-2024-12220

The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forg...

6.1CVSS0.00217EPSS
Exploits0References3
NVD
NVD
added 2024/12/06 9:15 a.m.16 views

CVE-2024-9872

The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the vcitasaveuserdatacallback function in all versions up to, and including, 4.5.1. This makes it possible for authenticated...

5.4CVSS0.0025EPSS
Exploits0References2
NVD
NVD
added 2024/12/06 9:15 a.m.11 views

CVE-2024-11336

The Clickbank WordPress Plugin Storefront plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the csmenu page. This makes it possible for unauthenticated attackers to update settings a...

6.1CVSS0.00151EPSS
Exploits0References2
NVD
NVD
added 2024/11/26 4:15 a.m.26 views

CVE-2024-11342

The Skt NURCaptcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing or incorrect nonce validation in the skt-nurc-admin.php file. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00215EPSS
Exploits0References4
CVE
CVE
added 2024/11/26 3:25 a.m.59 views

CVE-2024-11342

CVE-2024-11342 pertains to the WordPress plugin Skt NURCaptcha. Affected versions: all up to and including 3.5.0. Root cause: missing/incorrect nonce validation in skt-nurc-admin.php, enabling Cross-Site Request Forgery. Impact: unauthenticated attackers could trick a site administrator into upda...

6.1CVSS5.9AI score0.00215EPSS
Exploits0References4
Cvelist
Cvelist
added 2024/11/21 2:6 a.m.36 views

CVE-2024-10726 Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...

6.1CVSS0.00273EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2024/11/21 2:6 a.m.11 views

CVE-2024-10726 Friendly Functions for Welcart <= 1.2.4 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to inject malicious w...

6.1CVSS7.2AI score0.00273EPSS
Exploits0References4
CVE
CVE
added 2024/11/07 1:57 a.m.55 views

CVE-2024-10922

CVE-2024-51647 describes a CSRF to Stored XSS vulnerability in the WordPress plugin Chaser324 Featured Posts Scroll, affecting versions up to 1.25. The issue enables stored XSS via CSRF in the plugin’s Featured Posts Scroll component. Public-facing details in connected documents confirm the affec...

6AI score
Exploits0
Vulnrichment
Vulnrichment
added 2024/11/07 1:57 a.m.17 views

CVE-2024-10922

...

6.6AI score
Exploits0
NVD
NVD
added 2024/10/31 7:15 a.m.11 views

CVE-2024-9434

The WPGlobus Translate Options plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing or incorrect nonce validation on the ontranslateoptionspage function. This makes it possible for unauthenticated attackers to inject...

6.1CVSS0.00158EPSS
Exploits0References2
Rows per page
Query Builder