Email Before Download <= 6.9.7 - Cross-Site Request Forgery
Description: The Email Before Download plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.9.7. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forg...
PT-2024-15727 · WordPress · Formidable Forms
Name of the Vulnerable Software and Affected Versions: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder plugin for WordPress versions up to, and including, 6.7.2
Description: The issue is due to missing or incorrect nonce validation on the update...
CVE-2024-1162
The Orbit Fox by ThemeIsle plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10.29. This is due to missing or incorrect nonce validation on the registerreference function. This makes it possible for unauthenticated attackers to update the...
Views for WPForms < 3.2.3 - Cross-Site Request Forgery via save_view
Description: The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'save_view' function. This makes it...
VulnCheck KEV: CVE-2021-24353
The importdata function of the Simple 301 Redirects by BetterLinks WordPress plugin before 2.0.4 had no capability or nonce checks, making it possible for unauthenticated users to import a set of site redirects...
Cross site request forgery (csrf)
The VK Block Patterns plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.31.1.1. This is due to missing or incorrect nonce validation on the vbpclearpatternscache function. This makes it possible for unauthenticated attackers to clear the...
Profile Builder Pro < 3.10.1 - Cross-Site Request Forgery
Description: The Profile Builder Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.10.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged...
Hreflang Manager < 1.07 - Cross-Site Request Forgery
Description: The plugin is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.06. This is due to missing nonce validation in the /admin/view/connections.php file. This makes it possible for unauthenticated attackers to modify, delete, and clone connections via a forge...
CVE-2022-23180
The Contact Form & Lead Form Elementor Builder WordPress plugin before 1.7.4 doesn't have authorisation and nonce checks, which could allow any authenticated user, such as a subscriber, to update and change various settings...
CVE-2023-4247
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the givesendwpdisconnect function. This makes it possible for unauthenticated attackers to deactivate the SendWP plugin via...
Cross site request forgery (csrf)
The Depicter Slider – Responsive Image Slider, Video Slider & Post Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the 'save' function. This makes it possible for...
WP Simple Booking Calendar < 2.0.8.5 - Cross-Site Request Forgery
Description: The WP Simple Booking Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.8.4. This is due to missing or incorrect nonce validation on the wpsbcrefreshcalendareditor function. This makes it possible for unauthenticated...
PT-2023-31463 · Unknown · Foundation
Name of the Vulnerable Software and Affected Versions: Foundation platform version 1.0
Description: The issue allows a remote attacker to obtain sensitive information via the Web3 authentication process of Foundation. The signed message lacks a nonce, which is a random number. This flaw may expos...
CVE-2023-5756
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX...
Button Generator – easily Button Builder < 2.3.9 - Cross-Site Request Forgery
Description: The Button Generator – easily Button Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.8. This is due to missing nonce validation on the btgcount function. This makes it possible for unauthenticated attackers to reset the...
Checkout Field Editor < 1.7.5 - Cross-Site Request Forgery to Checkout Fields Update
Description: The Checkout Field Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.4. This is due to missing nonce validation when updating checkout fields. This makes it possible for unauthenticated attackers to update checkout fields via...
WP Links Page < 4.9.5 - Cross-Site Request Forgery via wplf_ajax_update_screenshots
Description: The WP Links Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.9.4. This is due to missing or incorrect nonce validation on the 'wplf_ajax_update_screenshots' function. This makes it possible for unauthenticated attackers to update...
Plugin Name: Device Theme Switcher <= 3.0.2 - Cross-Site Request Forgery
Description: The Plugin Name: Device Theme Switcher plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.2. This is due to missing or incorrect nonce validation on the saveadminpagesettings function. This makes it possible for unauthenticated...
CVE-2023-6008
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin...
CVE-2023-2440
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing nonce validation in the 'adminpage', 'userproverifyuser' and 'verifyUnverifyAllUsers' functions. This makes it possible for unauthenticated attackers to...