1115 matches found

WPVulnDB
added 2024/04/16 12:0 a.m. · 13 views

Amelia < 1.0.96 - Cross-Site Request Forgery

Description: The Amelia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.95. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

CVSS 5.4 · AI score 6.5 · EPSS 0.00197
Exploits 0 · References 1 · Affected Software 1
CVE
added 2024/04/09 6:58 p.m. · 90 views

CVE-2024-2125

The EnvíaloSimple: Email Marketing y Newsletters for WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) up to version 2.3 due to missing nonce validation in gallery_add, allowing unauthenticated attackers to upload arbitrary files if a site admin is tricked into performing an act...

CVSS 8.8 · AI score 7.3 · EPSS 0.00414
Exploits 0 · References 3 · Affected Software 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 19 views

Events Manager < 6.4.7.2 - Cross-Site Request Forgery

Description: The Events Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

CVSS 4.3 · AI score 6.5 · EPSS 0.00212
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 15 views

Easy Social Feed < 6.5.7 - Cross-Site Request Forgery

Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

CVSS 4.3 · AI score 5.6 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 11 views

Broken Images <= 0.2 - Cross-Site Request Forgery

Description: The Broken Images plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...

CVSS 7.1 · AI score 6.1 · EPSS 0.00195
Exploits 0 · References 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 15 views

Church Admin < 4.1.8 - Cross-Site Request Forgery

Description: The Church Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request...

CVSS 4.3 · AI score 6.5 · EPSS 0.00214
Exploits 0 · References 1 · Affected Software 1
WPVulnDB
added 2024/04/03 12:0 a.m. · 14 views

Slugs Manager < 2.7.0 - Cross-Site Request Forgery

Description: The Slugs Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.7. This is due to missing or incorrect nonce validation on the maybeflushrewriterules function. This makes it possible for unauthenticated attackers to flush the...

CVSS 4.3 · AI score 6.6 · EPSS 0.002
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/29 7:15 a.m. · 5 views

CVE-2024-2969

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 5.4 · AI score 5.6 · EPSS 0.00189
Exploits 0 · References 2
OSV
added 2024/03/29 7:15 a.m. · 3 views

CVE-2024-2964

The Pocket News Generator plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.0. This is due to missing or incorrect nonce validation on the optionpage function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 4.3 · AI score 5.7 · EPSS 0.00187
Exploits 0 · References 2
OSV
added 2024/03/28 2:15 a.m. · 4 views

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

CVSS 4.3 · AI score 7.2 · EPSS 0.00215
Exploits 0 · References 2
WPVulnDB
added 2024/03/22 12:0 a.m. · 19 views

Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing < 3.6.4 - Plugin Settings Update via CSRF

Description: The Pretty Links – Affiliate Links, Link Branding, Link Tracking & Marketing Plugin is vulnerable to Cross-Site Request Forgery. This is due to missing or incorrect nonce validation when saving plugin settings. This makes it possible for unauthenticated attackers to change the plugin'...

CVSS 4.3 · AI score 6.5 · EPSS 0.0021
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/03/20 7:15 a.m. · 4 views

CVE-2024-1325

The Live Sales Notification for Woocommerce – Woomotiv plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.4.3. This is due to missing or incorrect nonce validation on the 'ajaxcancelreview' function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 5.7 · EPSS 0.00253
Exploits 1 · References 3
Vulnrichment
added 2024/03/20 1:58 a.m. · 14 views

CVE-2024-1785 Contests by Rewards Fuel <= 2.0.62 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Contests by Rewards Fuel plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.62. This is due to missing or incorrect nonce validation on the ajaxhandler function. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 5.4 · AI score 7.2 · EPSS 0.00309
Exploits 0 · References 2
OSV
added 2024/03/13 4:15 p.m. · 5 views

CVE-2024-1489

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

CVSS 4.3 · AI score 5.6 · EPSS 0.00239
Exploits 0 · References 2
OSV
added 2024/03/13 4:15 p.m. · 6 views

CVE-2024-0592

The Related Posts for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the handlecreatelink function. This makes it possible for unauthenticated attackers to add related...

CVSS 5.4 · AI score 7.2 · EPSS 0.00285
Exploits 0 · References 3
Prion
added 2024/03/13 4:15 p.m. · 19 views

Cross site request forgery (csrf)

The SMS Alert Order Notifications – WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.9. This is due to missing or incorrect nonce validation on the processBulkAction function. This makes it possible for unauthenticated attacker...

CVSS 4.3 · AI score 6.6 · EPSS 0.00239
Exploits 0 · References 2
Prion
added 2024/03/13 4:15 p.m. · 17 views

Cross site request forgery (csrf)

The Play.ht – Make Your Blog Posts Accessible With Text to Speech Audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.6.4. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticat...

CVSS 4.3 · AI score 6.7 · EPSS 0.00232
Exploits 0 · References 2
Positive Technologies
added 2024/03/13 12:0 a.m. · 8 views

PT-2024-18088 · WordPress · Sms Alert Order Notifications

Name of the Vulnerable Software and Affected Versions: SMS Alert Order Notifications – WooCommerce plugin for WordPress versions up to, and including, 3.6.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the processBulkAction...

CVSS 4.3 · AI score 9.3 · EPSS 0.00239
Exploits 0 · References 5
OSV
added 2024/03/12 10:15 a.m. · 7 views

CVE-2023-4729

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the publishlp function hooked via an AJAX action in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to change the LadiPage key a key fully controll...

CVSS 4.3 · AI score 5.7 · EPSS 0.00208
Exploits 0 · References 2
OSV
added 2024/03/12 10:15 a.m. · 3 views

CVE-2023-4628

The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflowsavehook function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflowhookconfigs' option via a forged request...

CVSS 4.3 · AI score 5.6 · EPSS 0.0021
Exploits 0 · References 2