Lucene search
K

1116 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.5 views

CVE-2021-4391

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to missing or incorrect nonce validation on the mwbwgmsavepost function. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.8AI score0.00399EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:50 p.m.3 views

CVE-2021-4409

The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpfdeletefeed function. This makes it possible for unauthenticated attackers to delete an export...

4.3CVSS5.8AI score0.00342EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.7 views

CVE-2021-4414

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcalpreviewemails function. This makes it possible for unauthenticated attackers to generat...

4.3CVSS5.8AI score0.00384EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.3 views

CVE-2021-4427

The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This...

4.3CVSS5.8AI score0.005EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.6 views

CVE-2021-4333

The WP Statistics plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 13.1.1. This is due to missing or incorrect nonce validation on the view function. This makes it possible for unauthenticated attackers to activate and deactivate arbitrary plugins...

6.5CVSS6AI score0.00375EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.5 views

CVE-2021-4405

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epiosendautosuggestallowed function. This makes it possible for unauthenticated attackers to send allowed paramete...

4.3CVSS5.8AI score0.0033EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.6 views

CVE-2021-4425

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...

4.3CVSS5.8AI score0.005EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.3 views

CVE-2021-4416

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...

4.3CVSS5.8AI score0.00345EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.4 views

CVE-2021-4384

The WordPress Photo Gallery – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the loadimagesthumbnail and editgallery functions. This makes it possible for unauthenticat...

4.3CVSS5.8AI score0.00354EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:20 p.m.19 views

CVE-2021-24166

The wpajaxnfoauthdisconnect from the Ninja Forms Contact Form – The Drag and Drop Form Builder for WordPress WordPress plugin before 3.4.34 had no nonce protection making it possible for attackers to craft a request to disconnect a site's OAuth connection...

5.8CVSS6.8AI score0.00458EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/03 4:7 a.m.18 views

CVE-2025-2168

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.1. This is due to missing or incorrect non...

4.3CVSS6.6AI score0.00167EPSS
Exploits0References1
OSV
OSV
added 2025/04/12 7:15 a.m.5 views

CVE-2024-13337

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...

4.3CVSS5.6AI score0.00168EPSS
Exploits0References3
OSV
OSV
added 2025/04/12 7:15 a.m.2 views

CVE-2024-13338

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfycachedelete functionality . This makes ...

4.3CVSS5.6AI score0.00133EPSS
Exploits0References2
OSV
OSV
added 2025/04/03 12:15 p.m.2 views

CVE-2025-2299

The LuckyWP Table of Contents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.10. This is due to missing or incorrect nonce validation on the 'ajaxEdit' function. This makes it possible for unauthenticated attackers to inject arbitrary we...

6.1CVSS5.7AI score0.002EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/03/16 6:6 a.m.10 views

CVE-2025-1764

The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custompluginsetoption' function. This makes it possible for...

7.5CVSS7AI score0.00203EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/15 11:13 a.m.31 views

CVE-2025-1530 Tripetto <= 8.0.9 - Cross-Site Request Forgery to Arbitrary Results Deletion

The Tripetto plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.0.9. This is due to missing nonce validation. This makes it possible for unauthenticated attackers to delete arbitrary results via a forged request granted they can trick a site...

4.3CVSS0.00179EPSS
Exploits0References6
CNNVD
CNNVD
added 2025/03/15 12:0 a.m.4 views

WordPress plugin Tripetto 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

4.3CVSS8.7AI score0.00179EPSS
Exploits0References8
OSV
OSV
added 2025/03/10 5:15 a.m.5 views

CVE-2025-1926

The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.8. This is due to missing or incorrect nonce validation on the pagelayersavepost function. This makes it possible for...

4.3CVSS7.2AI score0.00155EPSS
Exploits0References2
OSV
OSV
added 2025/03/08 12:15 p.m.3 views

CVE-2024-11640

The VikRentCar Car Rental Management System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for unauthenticated attackers to change...

8.8CVSS6.3AI score
Exploits0References2
OSV
OSV
added 2025/03/04 9:15 a.m.2 views

CVE-2024-13682

The Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.2. This is due to missing or incorrect nonce validation in...

4.3CVSS5.6AI score0.00138EPSS
Exploits0References2
Rows per page
Query Builder