1117 matches found
CVE-2024-12557
CVE-2024-12557 affects the Transporters.io WordPress plugin. The issue is a Cross‑Site Request Forgery due to missing nonce validation in a function, enabling unauthenticated attackers to trigger actions via forged requests when an admin clicks a link. Affected versions are up to 2.0.84. The Word...
CVE-2024-12115
The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicatepoll function. This makes it possible for unauthenticated...
PT-2024-17447 · WordPress · The Poll Maker – Versus Polls
Name of the Vulnerable Software and Affected Versions: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.5.4 Description: The issue is due to missing or incorrect nonce validation on the duplicate poll function, making it possible fo...
CVE-2024-10521
The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...
PT-2024-16973 · WordPress · Wp-Orphanage Extended
Name of the Vulnerable Software and Affected Versions: WP-Orphanage Extended plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wporphanageex menu settings function. This allow...
CVE-2024-11143
The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the updateassistant, addnewassistant, and deleteassistant functions. This makes it possible for...
CVE-2024-10593
The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the processadminui function. This...
CVE-2022-4974
The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...
VulnCheck KEV: CVE-2021-4445
The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...
CVE-2024-9778
The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...
CVE-2024-7386
CVE-2024-7386: The Premium Packages – Sell Digital Products Securely plugin for WordPress is affected by Cross-Site Request Forgery in versions
CVE-2023-2919
The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...
CVE-2024-7647
The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...
CVE-2023-3408
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...
CVE-2024-7420
The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactiva...
PT-2024-38335 · WordPress · Insert Php Code Snippet
Name of the Vulnerable Software and Affected Versions: Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is due to missing or incorrect nonce validation in the "/admin/snippets.php" file, making it possible for unauthenticated attackers to...
CVE-2024-7574
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...
CVE-2024-7574 Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...
CVE-2024-7492
The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...
PT-2024-38382 · WordPress · Mainwp Child Reports
Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...