1114 matches found

OSV
added 2023/11/21 9:15 a.m. · 4 views

CVE-2023-5776

The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdmwpajaxdeletemeta, pmdmwpdeleteusermeta, and pmdmwpdeleteusermeta functions. This makes it possible for...

CVSS 8.8 · AI score 5.8 · EPSS 0.00292
Exploits: 0 · References: 4
OSV
added 2023/11/15 11:15 p.m. · 4 views

CVE-2023-4690

The Elementor Addon Elements plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.12.7. This is due to missing or incorrect nonce validation on the eaesaveconfig function. This makes it possible for unauthenticated attackers to change configuration...

CVSS 4.3 · AI score 7.2 · EPSS 0.00298
Exploits: 0 · References: 3
Positive Technologies
added 2023/11/15 12:0 a.m. · 5 views

PT-2023-30255 · WordPress · Elementor Addon Elements

Name of the Vulnerable Software and Affected Versions: Elementor Addon Elements plugin for WordPress versions up to, and including, 1.12.7 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the eae save elements function. This allows...

CVSS 5.4 · AI score 5.4 · EPSS 0.00298
Exploits: 0 · References: 5
OSV
added 2023/11/07 11:15 a.m. · 4 views

CVE-2023-5532

The ImageMapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'imgmapsaveareatitle' function. This makes it possible for unauthenticated attackers to update the post title and...

CVSS 4.3 · AI score 7.2
Exploits: 0 · References: 2
OpenVAS
added 2023/10/31 12:0 a.m. · 15 views

WordPress Paid Memberships Pro Plugin < 2.4.3 CSRF Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:paidmembershipspro:paidmembershipspro"; ifdescription...

CVSS 4.3 · AI score 7 · EPSS 0.00397
Exploits: 1 · References: 1
OSV
added 2023/10/27 12:15 p.m. · 4 views

CVE-2023-5821

The Thumbnail carousel slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the deleteselected function. This makes it possible for unauthenticated attackers to delete sliders in bulk via a forged request granted they c...

CVSS 6.5 · AI score 5.7 · EPSS 0.00276
Exploits: 0 · References: 3
ATTACKERKB
added 2023/10/27 12:15 p.m. · 1 views

CVE-2023-5820

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...

CVSS 9.6 · AI score 5.8 · EPSS 0.00317
Exploits: 0 · References: 4 · Affected Software: 1
OSV
added 2023/10/27 12:15 p.m. · 2 views

CVE-2023-5820

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing or incorrect nonce validation on the addedit functionality. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged reques...

CVSS 8.8 · AI score 5.8 · EPSS 0.00317
Exploits: 0 · References: 3
Prion
added 2023/10/20 7:15 a.m. · 15 views

Cross site request forgery (csrf)

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsswap function. This makes it possible for unauthenticated attackers to manipulate products via a forged...

CVSS 4.3 · AI score 4 · EPSS 0.00286
Exploits: 0 · References: 3 · Affected Software: 1
Prion
added 2023/10/20 7:15 a.m. · 25 views

Cross site request forgery (csrf)

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsvisibility function. This makes it possible for unauthenticated attackers to manipulate products via a forge...

CVSS 4.3 · AI score 4 · EPSS 0.0029
Exploits: 0 · References: 3 · Affected Software: 1
Positive Technologies
added 2023/10/20 12:0 a.m. · 5 views

PT-2023-32241 · Undefined · Undefined

‼ CVE-2023-5655 ‼ The AI ChatBot plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 4.9.2. This is due to missing or incorrect nonce validation on the corresponding functions. This makes it possible for unauthenticated attackers to invoke those functions via a forged...

CVSS 5.4 · AI score 6.8 · EPSS 0.00206
Exploits: 0 · References: 2
Positive Technologies
added 2023/10/19 12:0 a.m. · 5 views

PT-2023-31216 · WordPress · Bear

Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the woobe bulkoperations visibility function. This allows...

CVSS 4.3 · AI score 5.2 · EPSS 0.0029
Exploits: 0 · References: 6
OSV
added 2023/10/12 6:15 a.m. · 4 views

CVE-2023-5531

The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the delete functionality. This makes it possible for unauthenticated attackers to delete image...

CVSS 4.3 · AI score 5.7
Exploits: 0 · References: 3
OSV
added 2023/09/13 3:15 a.m. · 4 views

CVE-2023-4916

The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.6. This is due to missing nonce validation on the 'lwpupdatepasswordaction' function. This makes it possible for unauthenticated attackers to change user password via...

CVSS 8.8 · AI score 5.7 · EPSS 0.00324
Exploits: 0 · References: 3
Positive Technologies
added 2023/09/12 12:0 a.m. · 10 views

PT-2023-31077 · WordPress · Login With Phone Number Plugin For Wordpress

Name of the Vulnerable Software and Affected Versions: Login with phone number plugin for WordPress versions up to, and including, 1.5.6 Description: The issue is related to Cross-Site Request Forgery due to missing nonce validation on the lwp update password action function. This allows...

CVSS 8.8 · AI score 8.5 · EPSS 0.00324
Exploits: 0 · References: 8
OSV
added 2023/08/31 6:15 a.m. · 3 views

CVE-2023-4161

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...

CVSS 4.3 · AI score 7.3 · EPSS 0.00263
Exploits: 0 · References: 3
OSV
added 2023/08/31 6:15 a.m. · 5 views

CVE-2023-3764

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

CVSS 4.3 · AI score 7.2 · EPSS 0.00245
Exploits: 0 · References: 3
Prion
added 2023/08/31 6:15 a.m. · 24 views

Cross site request forgery (csrf)

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...

CVSS 4.3 · AI score 4.7 · EPSS 0.00263
Exploits: 0 · References: 3 · Affected Software: 1
Cvelist
added 2023/08/31 5:33 a.m. · 25 views

CVE-2023-4161 WooCommerce PDF Invoice Builder <= 1.2.90 - Cross-Site Request Forgery to Custom Field Creation

The WooCommerce PDF Invoice Builder for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the SaveCustomField function in versions up to, and including, 1.2.90. This makes it possible for unauthenticated attackers to create invoice fields provided they can tric...

CVSS 4.3 · AI score 4.7 · EPSS 0.00263
Exploits: 0 · References: 3
OSV
added 2023/07/28 5:15 a.m. · 4 views

CVE-2023-3977

Several plugins for WordPress by Inisev are vulnerable to Cross-Site Request Forgery to unauthorized installation of plugins due to a missing nonce check on the handleinstallation function that is called via the inisevinstallation AJAX action in various versions. This makes it possible for...

CVSS 4.3 · AI score 6.5
Exploits: 0 · References: 23