CVE-2022-4218

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquizzes function. This makes it possible for unauthenticated attackers to delete quizzes and copy quizzes via a forged...

Cross site request forgery (csrf)

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...

CVE-2022-4220 Chained Quiz <= 1.3.2.4 - Cross-Site Request Forgery to Question Deletion

The Chained Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.2.4. This is due to missing nonce validation on the listquestions function. This makes it possible for unauthenticated attackers to delete questions from quizzes via a forged...

PT-2022-26300 · WordPress · Chained Quiz

Name of the Vulnerable Software and Affected Versions: Chained Quiz plugin for WordPress versions up to, and including, 1.3.2.4 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the list quizzes function. This allows unauthenticated attackers to...

WordPress plugin Chained Quiz 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

CVE-2022-3240 Follow Me Plugin <= 3.1.1 - Cross-Site Request Forgery to Cross-Site Scripting

The "Follow Me Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.1. This is due to missing nonce validation on the FollowMeIgniteSocialMediaoptionspage function. This makes it possible for unauthenticated attackers to modify the plugin'...

PT-2022-21296 · WordPress · Follow Me Plugin

Name of the Vulnerable Software and Affected Versions: Follow Me Plugin versions up to, and including, 3.1.1 Description: The issue is due to missing nonce validation on the FollowMeIgniteSocialMedia options page function, making it possible for unauthenticated attackers to modify the plugin's...

WordPress plugin Follow Me Plugin 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. WordPress plugin Follow Me Plugin 3.1.1 and...

CVE-2022-2696

The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress is vulnerable to authorization bypass via several AJAX actions in versions up to, and including 2.3.0 due to missing capability checks and missing nonce validation. This makes it possible for authenticated attacke...

PT-2022-18142

Name of the Vulnerable Software and Affected Versions The Restaurant Menu – Food Ordering System – Table Reservation plugin for WordPress versions up to, and including 2.3.0 Description The issue allows for authorization bypass via several AJAX actions due to missing capability checks and missing...

WordPress plugin LBStopAttack 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forger...

WordPress plugin Simple File List 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress plugin is an application plugin. WordPress Simple File List versions prior to 4.4.12 are vulnerable to cross-site request forgery, which stems...

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the adminpage function found in the /admin.php file. This makes it possible for unauthenticated...

CVE-2022-2518

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the adminpage function found in the /admin.php file. This makes it possible for unauthenticated...

CVE-2022-2518

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...

CVE-2022-2233

The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabcadminslidespostback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...

CVE-2022-2233

The Banner Cycler plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.4. This is due to missing nonce protection on the pabcadminslidespostback function found in the /admin/admin.php file. This makes it possible for unauthenticated attackers to inje...

Cross site request forgery (csrf)

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...