Lucene search

1115 matches found

CVE
added 2024/07/12 2:36 a.m. · 48 views

CVE-2024-1375

CVE-2024-1375 affects the WordPress Event post plugin. A missing nonce check in the save_bulkdatas function allows unauthorized bulk updates to post_meta_data in all versions up to 5.9.5. An unauthenticated attacker can exploit this by forging requests, requiring that a logged-in user be tricked ...

CVSS 4.3 · AI score 5.9 · EPSS 0.00192
Exploits: 0 · References: 2
Positive Technologies
added 2024/07/12 12:0 a.m. · 4 views

PT-2024-17987 · WordPress · Event Post Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Event post plugin for WordPress versions up to, and including, 5.9.5
Description: The issue allows unauthorized bulk metadata updates due to a missing nonce check on the save_bulkdatas function. This enables unauthenticated attackers to updat...

CVSS 4.3 · AI score 6.9 · EPSS 0.00192
Exploits: 0 · References: 5
OSV
added 2024/07/03 5:15 a.m. · 4 views

CVE-2024-4543

The Snippet Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.1.4. This is due to missing or incorrect nonce validation when adding or editing shortcodes. This makes it possible for unauthenticated attackers to modify shortcodes vi...

CVSS 4.3 · AI score 5.6 · EPSS 0.00202
Exploits: 0 · References: 2
CVE
added 2024/06/14 5:39 a.m. · 61 views

CVE-2024-5551

CVE-2024-5551 affects the WP STAGING Pro WordPress Backup Plugin. The vulnerability is a Cross-Site Request Forgery (CSRF) issue caused by missing/incorrect nonce validation on the sub parameter, allowing unauthenticated attackers to trigger actions that end in Local File Inclusion of files ending with -...

CVSS 8.8 · AI score 7.4 · EPSS 0.0028
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2024/06/14 12:0 a.m. · 6 views

PT-2024-36536 · WordPress · Wp Staging Pro

Name of the Vulnerable Software and Affected Versions: WP STAGING Pro WordPress Backup Plugin versions up to, and including, 5.6.0
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the sub parameter. This allows unauthenticated attacke...

CVSS 8.8 · AI score 6.7 · EPSS 0.0028
Exploits: 0 · References: 6
OSV
added 2024/06/06 2:15 a.m. · 5 views

CVE-2023-6968

The The Moneytizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 9.5.20. This is due to missing or incorrect nonce validation on multiple AJAX functions. This makes it possible for unauthenticated attackers to update and retrieve billing...

CVSS 5.4 · AI score 5.7
Exploits: 0 · References: 2
OSV
added 2024/06/05 7:15 a.m. · 6 views

CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm function. This makes it possible for unauthenticated attackers to duplicate forms via a forged...

CVSS 4.3 · AI score 5.6 · EPSS 0.00185
Exploits: 0 · References: 2
Vulnrichment
added 2024/06/05 6:50 a.m. · 11 views

CVE-2024-4088 Gutenberg Blocks and Page Layouts – Attire Blocks <= 1.9.2 - Missing Authorization

The Gutenberg Blocks and Page Layouts – Attire Blocks plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the disablefeassets function in all versions up to, and including, 1.9.2. This makes it possible for authenticated attackers, with...

CVSS 4.3 · AI score 6.6 · EPSS 0.0028
Exploits: 0 · References: 2
OSV
added 2024/05/30 9:15 a.m. · 2 views

CVE-2024-4426

The Comparison Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on several functions hooked to AJAX actions. This makes it possible for unauthenticated attackers to change slid...

CVSS 4.3 · AI score 5.6 · EPSS 0.00179
Exploits: 0 · References: 2
OSV
added 2024/05/30 5:15 a.m. · 6 views

CVE-2024-3947

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...

CVSS 4.3 · AI score 5.7 · EPSS 0.00224
Exploits: 0 · References: 2
OSV
added 2024/05/30 5:15 a.m. · 3 views

CVE-2024-3943

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodoaddcomment function. This makes it possible for unauthenticated attackers to add comments to to do items via...

CVSS 4.3 · AI score 5.6 · EPSS 0.00224
Exploits: 0 · References: 2
Cvelist
added 2024/05/30 4:31 a.m. · 27 views

CVE-2024-3947 WP To Do <= 1.3.0 - Cross-Site Request Forgery via wptodo_settings

The WP To Do plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.0. This is due to missing or incorrect nonce validation on the wptodo_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings via ...

CVSS 4.3 · AI score 4.7 · EPSS 0.00224
Exploits: 0 · References: 3
OSV
added 2024/05/22 7:15 a.m. · 4 views

CVE-2024-1446

The NextScripts: Social Networks Auto-Poster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.3. This is due to missing or incorrect nonce validation on the nxssnap-reposter page. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 5.7 · EPSS 0.00181
Exploits: 0 · References: 2
WPVulnDB
added 2024/05/19 12:0 a.m. · 17 views

Fast Custom Social Share by CodeBard <= 1.1.2 - Cross-Site Request Forgery

Description: The Fast Custom Social Share by CodeBard plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions...

CVSS 4.3 · AI score 6.4 · EPSS 0.00175
Exploits: 0 · References: 1
Positive Technologies
added 2024/05/16 12:0 a.m. · 6 views

PT-2024-29706 · WordPress · Bulk Posts Editing For Wordpress

Name of the Vulnerable Software and Affected Versions: Bulk Posts Editing For WordPress plugin for WordPress versions up to, and including, 4.2.3
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the plugin's AJAX actions. This allows...

CVSS 4.3 · AI score 6.7 · EPSS 0.00222
Exploits: 0 · References: 4
Cvelist
added 2024/05/09 8:3 p.m. · 13 views

CVE-2024-4463 Squelch Tabs and Accordions Shortcodes <= 0.4.7 - Cross-Site Request Forgery

The Squelch Tabs and Accordions Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.4.7. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3 · AI score 5.6 · EPSS 0.00215
Exploits: 0 · References: 2
Positive Technologies
added 2024/05/04 12:0 a.m. · 4 views

PT-2024-15194 · WordPress · Stop Spammers Security

Name of the Vulnerable Software and Affected Versions: Stop Spammers Security | Block Spam Users, Comments, Forms plugin for WordPress versions up to, and including, 2024.4
Description: The issue is due to missing or incorrect nonce validation on the sfs process AJAX action, making it possible fo...

CVSS 5.4 · AI score 6.6 · EPSS 0.00194
Exploits: 0 · References: 6
Positive Technologies
added 2024/05/02 12:0 a.m. · 6 views

PT-2024-24446 · WordPress · Paid Memberships Pro

Name of the Vulnerable Software and Affected Versions: Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress versions up to, and including, 3.0.1
Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce...

CVSS 5.3 · AI score 6.7 · EPSS 0.00297
Exploits: 0 · References: 8
WPVulnDB
added 2024/04/29 12:0 a.m. · 13 views

Slash Admin < 3.8.2 - Cross-Site Request Forgery

Description: The Slash Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a...

CVSS 7.1 · AI score 6.6 · EPSS 0.00184
Exploits: 0 · References: 1 · Affected Software: 1
WPVulnDB
added 2024/04/17 12:0 a.m. · 17 views

eCommerce Product Catalog < 3.3.29 - Cross-Site Request Forgery

Description: The eCommerce Product Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.28. This is due to missing or incorrect nonce validation on the handlemode function. This makes it possible for unauthenticated attackers to change mode...

CVSS 4.3 · AI score 6.4 · EPSS 0.00212
Exploits: 0 · References: 1 · Affected Software: 1