1115 matches found
CVE-2024-1375
CVE-2024-1375 affects the WordPress Event post plugin. A missing nonce check in the save_bulkdatas function allows unauthorized bulk updates to post_meta_data in all versions up to 5.9.5. An unauthenticated attacker can exploit this by forging requests, requiring that a logged-in user be tricked ...
PT-2024-17987 · WordPress · Event Post Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.5 Description: The issue allows unauthorized bulk metadata updates due to a missing nonce check on the save bulkdatas function. This enables unauthenticated attackers to updat...
CVE-2024-4543
The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...
CVE-2024-5551
CVE-2024-5551 affects the WP STAGING Pro WordPress Backup Plugin. The vulnerability is a Cross-Site Forgery (CSRF) issue caused by missing/incorrect nonce validation on the sub parameter, allowing unauthenticated attackers to trigger actions that end in Local File Inclusion of files ending with -...
PT-2024-36536 · WordPress · Wp Staging Pro
Name of the Vulnerable Software and Affected Versions: WP STAGING Pro WordPress Backup Plugin versions up to, and including, 5.6.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sub parameter. This allows unauthenticated attacke...
CVE-2023-6968
The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to to update and retrieve billing...
CVE-2024-2368
The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...
CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization
The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...
CVE-2024-4426
The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slid...
CVE-2024-3947
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodosettings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...
CVE-2024-3943
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via...
CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings
The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodosettings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...
CVE-2024-1446
The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...
Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery
Description The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions...
PT-2024-29706 · WordPress · Bulk Posts Editing For Wordpress
Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the plugin's AJAX actions. This allows...
CVE-2024-4463 Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery
The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify...
PT-2024-15194 · WordPress · Stop Spammers Security
Name of the Vulnerable Software and Affected Versions: Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress versions up to, and including, 2024.4 Description: The issue is due to missing or incorrect nonce validation on the sfs process AJAX action, making it possible fo...
PT-2024-24446 · WordPress · Paid Memberships Pro
Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to, and including, 3.0.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce...
Slash Admin < 3.8.2 - Cross-Site Request Forgery
Description The Slash Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a...
eCommerce Product Catalog < 3.3.29 - Cross-Site Request Forgery
Description The eCommerce Product Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.28. This is due to missing or incorrect nonce validation on the handlemode function. This makes it possible for unauthenticated attackers to change mode...