Lucene search
1115 matches found

WPVulnDB
added 2024/02/05 12:00 a.m. · 10 views

Email Before Download <= 6.9.7 - Cross-Site Request Forgery

Description: The Email Before Download plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.9.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forg...

CVSS 4.3 · AI score 6.3 · EPSS 0.00277
Exploits: 0 · References: 1

Positive Technologies
added 2024/02/05 12:00 a.m. · 5 views

PT-2024-15727 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2
Description: The issue is due to missing or incorrect nonce validation on the update...

CVSS 6.1 · AI score 5.3 · EPSS 0.00212
Exploits: 0 · References: 7

Vulnrichment
added 2024/02/02 5:33 a.m. · 15 views

CVE-2024-1162

The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...

CVSS 4.3 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 2

WPVulnDB
added 2024/01/24 12:00 a.m. · 17 views

Views for WPForms < 3.2.3 - Cross-Site Request Forgery via save_view

Description: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it...

CVSS 4.3 · AI score 6.7 · EPSS 0.00234
Exploits: 0 · References: 1 · Affected Software: 1

VulnCheck KEV
added 2024/01/22 12:00 a.m. · 4 views

VulnCheck KEV: CVE-2021-24353

The importdata function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks making it possible for unauthenticated users to import a set of site redirects...

CVSS 8.8 · AI score 7.1 · EPSS 0.01107
Exploits: 2 · References: 1

Prion
added 2024/01/20 6:15 a.m. · 20 views

Cross-Site Request Forgery (CSRF)

The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...

CVSS 4.3 · AI score 6.6 · EPSS 0.00669
Exploits: 0 · References: 2 · Affected Software: 1

WPVulnDB
added 2024/01/18 12:00 a.m. · 16 views

Profile Builder Pro < 3.10.1 - Cross-Site Request Forgery

Description: The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...

CVSS 8.8 · AI score 6.7 · EPSS 0.00263
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2024/01/17 12:00 a.m. · 11 views

Hreflang Manager < 1.07 - Cross-Site Request Forgery

Description: The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.06. This is due to missing nonce validation in the /admin/view/connections.php file. This makes it possible for unauthenticated attackers to modify, delete, and clone connections via a forge...

AI score 6.7
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2024/01/16 4:15 p.m. · 3 views

CVE-2022-23180

The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings...

CVSS 4.3 · AI score 5.8 · EPSS 0.0053
Exploits: 2 · References: 2

OSV
added 2024/01/11 9:15 a.m. · 4 views

CVE-2023-4247

The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpdisconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via...

CVSS 5.4 · AI score 7.2 · EPSS 0.00259
Exploits: 0 · References: 3

Prion
added 2024/01/05 2:15 a.m. · 20 views

Cross-Site Request Forgery (CSRF)

The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for...

CVSS 4.3 · AI score 6.6 · EPSS 0.00198
Exploits: 0 · References: 2 · Affected Software: 1

WPVulnDB
added 2024/01/05 12:00 a.m. · 9 views

WP Simple Booking Calendar < 2.0.8.5 - Cross-Site Request Forgery

Description: The WP Simple Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.8.4. This is due to missing or incorrect nonce validation on the wpsbcrefreshcalendareditor function. This makes it possible for unauthenticated...

AI score 6.6 · EPSS 0.00202
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2023/12/25 12:00 a.m. · 5 views

PT-2023-31463 · Unknown · Foundation

Name of the Vulnerable Software and Affected Versions: Foundation platform version 1.0
Description: The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation. The signed message lacks a nonce, which is a random number. This flaw may expos...

CVSS 7.6 · AI score 7 · EPSS 0.0053
Exploits: 0 · References: 5

OSV
added 2023/12/09 7:15 a.m. · 4 views

CVE-2023-5756

The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX...

CVSS 8.8 · AI score 5.8 · EPSS 0.00272
Exploits: 0 · References: 2

WPVulnDB
added 2023/12/08 12:00 a.m. · 15 views

Button Generator – easily Button Builder < 2.3.9 - Cross-Site Request Forgery

Description: The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.8. This is due to missing nonce validation on the btgcount function. This makes it possible for unauthenticated attackers to reset the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00294
Exploits: 0 · References: 1

WPVulnDB
added 2023/11/24 12:00 a.m. · 6 views

Checkout Field Editor < 1.7.5 - Cross-Site Request Forgery to Checkout Fields Update

Description: The Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.4. This is due to missing nonce validation when updating checkout fields. This makes it possible for unauthenticated attackers to update checkout fields via...

AI score 6.7
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2023/11/23 12:00 a.m. · 18 views

WP Links Page < 4.9.5 - Cross-Site Request Forgery via wplf_ajax_update_screenshots

Description: The WP Links Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.4. This is due to missing or incorrect nonce validation on the 'wplf_ajax_update_screenshots' function. This makes it possible for unauthenticated attackers to update...

CVSS 8.8 · AI score 6.4 · EPSS 0.00288
Exploits: 0 · References: 1 · Affected Software: 1

WPVulnDB
added 2023/11/23 12:00 a.m. · 15 views

Plugin Name: Device Theme Switcher <= 3.0.2 - Cross-Site Request Forgery

Description: The Plugin Name: Device Theme Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on the saveadminpagesettings function. This makes it possible for unauthenticated...

CVSS 8.8 · AI score 6.6 · EPSS 0.00294
Exploits: 0 · References: 1

OSV
added 2023/11/22 4:15 p.m. · 2 views

CVE-2023-6008

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...

CVSS 4.3 · AI score 5.8 · EPSS 0.00178
Exploits: 0 · References: 2

ATTACKERKB
added 2023/11/22 4:15 p.m. · 5 views

CVE-2023-2440

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...

CVSS 8.8 · AI score 7.1 · EPSS 0.00276
Exploits: 0 · References: 3