Lucene search

1117 matches found

CVE
added 2025/01/07 3:21 a.m. · 46 views

CVE-2024-12557

CVE-2024-12557 affects the Transporters.io WordPress plugin. The issue is a Cross‑Site Request Forgery due to missing nonce validation in a function, enabling unauthenticated attackers to trigger actions via forged requests when an admin clicks a link. Affected versions are up to 2.0.84. The Word...

CVSS 6.1 · AI score 7.1 · EPSS 0.00189
Exploits 0 · References 3

OSV
added 2024/12/07 2:15 a.m. · 6 views

CVE-2024-12115

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.5.4. This is due to missing or incorrect nonce validation on the duplicatepoll function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 5.6 · EPSS 0.0015
Exploits 0 · References 2

Positive Technologies
added 2024/12/07 12:0 a.m. · 5 views

PT-2024-17447 · WordPress · The Poll Maker – Versus Polls

Name of the Vulnerable Software and Affected Versions: The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress versions up to, and including, 5.5.4 Description: The issue is due to missing or incorrect nonce validation on the duplicate poll function, making it possible fo...

CVSS 4.3 · AI score 6.9 · EPSS 0.0015
Exploits 0 · References 8

OSV
added 2024/11/27 11:15 a.m. · 4 views

CVE-2024-10521

The WordPress Contact Forms by Cimatti plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.2. This is due to missing or incorrect nonce validation on the processbulkaction function. This makes it possible for unauthenticated attackers to dele...

CVSS 4.3 · AI score 5.7 · EPSS 0.00212
Exploits 0 · References 5

Positive Technologies
added 2024/11/22 12:0 a.m. · 5 views

PT-2024-16973 · WordPress · Wp-Orphanage Extended

Name of the Vulnerable Software and Affected Versions: WP-Orphanage Extended plugin for WordPress versions up to, and including, 1.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the wporphanageex menu settings function. This allow...

CVSS 8.8 · AI score 9.3 · EPSS 0.00304
Exploits 0 · References 6

OSV
added 2024/11/13 3:15 a.m. · 4 views

CVE-2024-11143

The Kognetiks Chatbot for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.8. This is due to missing or incorrect nonce validation on the updateassistant, addnewassistant, and deleteassistant functions. This makes it possible for...

CVSS 4.3 · AI score 7.2 · EPSS 0.00243
Exploits 0 · References 2

OSV
added 2024/11/13 3:15 a.m. · 10 views

CVE-2024-10593

The WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.1.6. This is due to missing or incorrect nonce validation on the processadminui function. This...

CVSS 4.3 · AI score 5.7 · EPSS 0.00276
Exploits 0 · References 3

ATTACKERKB
added 2024/10/16 7:15 a.m. · 4 views

CVE-2022-4974

The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the getdebuglog, getdboption, and the setdboption functions in versions up to, and...

CVSS 6.3 · AI score 5.9 · EPSS 0.00424
Exploits 0 · References 7

VulnCheck KEV
added 2024/10/15 12:0 a.m. · 4 views

VulnCheck KEV: CVE-2021-4445

The Premium Addons for Elementor plugin for WordPress is vulnerable to Arbitrary Option Updates in versions up to, and including, 4.5.1. This is due to missing capability and nonce checks in the padismissadminnotice AJAX action. This makes it possible for authenticated subscriber+ attackers to...

CVSS 6.5 · AI score 5.8 · EPSS 0.00385
Exploits 1 · References 1

OSV
added 2024/10/12 6:15 a.m. · 5 views

CVE-2024-9778

The ImagePress – Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the 'imagepressadminpage' function. This makes it possible for unauthenticated attackers to update...

CVSS 4.3 · AI score 5.7 · EPSS 0.00232
Exploits 0 · References 7

CVE
added 2024/09/25 2:4 a.m. · 46 views

CVE-2024-7386

CVE-2024-7386: The Premium Packages – Sell Digital Products Securely plugin for WordPress is affected by Cross-Site Request Forgery in versions

CVSS 4.3 · AI score 4.7 · EPSS 0.0017
Exploits 0 · References 2 · Affected Software 1

ATTACKERKB
added 2024/09/10 10:15 a.m. · 1 views

CVE-2023-2919

The Tutor LMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.4. This is due to missing or incorrect nonce validation on the 'addonenabledisable' function. This makes it possible for unauthenticated attackers to enable or disable addons via a...

CVSS 4.3 · AI score 5.8 · EPSS 0.00207
Exploits 0 · References 4

OSV
added 2024/08/21 6:15 a.m. · 2 views

CVE-2024-7647

The OTA Sync Booking Engine Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the otasyncwidgetsettingsfnc function. This makes it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 5.6 · EPSS 0.00214
Exploits 0 · References 2

OSV
added 2024/08/17 9:15 a.m. · 4 views

CVE-2023-3408

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'savesettings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including...

CVSS 4.3 · AI score 5.6 · EPSS 0.00227
Exploits 0 · References 2

OSV
added 2024/08/15 3:15 a.m. · 3 views

CVE-2024-7420

The Insert PHP Code Snippet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation in the /admin/snippets.php file. This makes it possible for unauthenticated attackers to activate/deactiva...

CVSS 6.5 · AI score 5.7 · EPSS 0.00235
Exploits 0 · References 3

Positive Technologies
added 2024/08/15 12:0 a.m. · 4 views

PT-2024-38335 · WordPress · Insert Php Code Snippet

Name of the Vulnerable Software and Affected Versions: Insert PHP Code Snippet plugin for WordPress versions up to, and including, 1.3.6 Description: The issue is due to missing or incorrect nonce validation in the "/admin/snippets.php" file, making it possible for unauthenticated attackers to...

CVSS 6.5 · AI score 7.1 · EPSS 0.00235
Exploits 0 · References 10

OSV
added 2024/08/12 1:38 p.m. · 5 views

CVE-2024-7574

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

CVSS 6.1 · AI score 5.6 · EPSS 0.00184
Exploits 0 · References 2

Cvelist
added 2024/08/10 5:37 a.m. · 40 views

CVE-2024-7574 Christmasify! <= 1.5.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Christmasify! plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.5. This is due to missing nonce validation on the 'options' function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious...

CVSS 6.1 · EPSS 0.00184
Exploits 0 · References 2

NVD
added 2024/08/08 3:15 a.m. · 13 views

CVE-2024-7492

The MainWP Child Reports plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2. This is due to missing or incorrect nonce validation on the networkoptionsaction function. This makes it possible for unauthenticated attackers to update arbitrary...

CVSS 8.8 · EPSS 0.00289
Exploits 0 · References 3

Positive Technologies
added 2024/08/08 12:0 a.m. · 6 views

PT-2024-38382 · WordPress · Mainwp Child Reports

Name of the Vulnerable Software and Affected Versions: MainWP Child Reports plugin for WordPress versions up to, and including, 2.2 Description: The issue is due to missing or incorrect nonce validation on the network options action function, making it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 7.2 · EPSS 0.00289
Exploits 0 · References 8