
1114 matches found

Prion
added 2023/07/12 7:15 a.m. · 9 views

Cross site request forgery (csrf)

The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...

CVSS 4.3 · AI score 4.3 · EPSS 0.0035
Exploits 0 · References 9 · Affected Software 1

Prion
added 2023/07/12 7:15 a.m. · 13 views

Cross site request forgery (csrf)

The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...

CVSS 4.3 · AI score 5.2 · EPSS 0.00541
Exploits 0 · References 9 · Affected Software 1

Prion
added 2023/07/12 7:15 a.m. · 11 views

Cross site request forgery (csrf)

The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...

CVSS 4.3 · AI score 4.3 · EPSS 0.0035
Exploits 0 · References 9 · Affected Software 1

Cvelist
added 2023/07/12 6:52 a.m. · 22 views

CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass

The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...

CVSS 4.3 · AI score 4.6 · EPSS 0.0035
Exploits 0 · References 9

NVD
added 2023/07/12 5:15 a.m. · 14 views

CVE-2023-2517

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalinksetup function. This makes it possible for unauthenticated attackers to change...

CVSS 5.4 · AI score 5.1 · EPSS 0.00402
Exploits 0 · References 4

Prion
added 2023/07/12 5:15 a.m. · 24 views

Cross site request forgery (csrf)

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the armcheckusercap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized action...

CVSS 6.8 · AI score 8.2 · EPSS 0.00267
Exploits 0 · References 2 · Affected Software 1

Prion
added 2023/07/12 5:15 a.m. · 16 views

Cross site request forgery (csrf)

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...

CVSS 4.3 · AI score 4.4 · EPSS 0.00296
Exploits 0 · References 3 · Affected Software 1

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4415

The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshineproductsquicksavepost function. This makes it possible for unauthenticated attackers to save custom...

CVSS 4.3 · AI score 5.6 · EPSS 0.00345
Exploits 0 · References 9

OSV
added 2023/07/12 4:15 a.m. · 4 views

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

CVSS 4.3 · AI score 5.6
Exploits 0 · References 9

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4411

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...

CVSS 4.3 · AI score 5.6 · EPSS 0.00351
Exploits 0 · References 10

OSV
added 2023/07/12 4:15 a.m. · 3 views

CVE-2021-4410

The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the savepostdata function. This makes it possible for unauthenticated attackers to save post data via a forged...

CVSS 4.3 · AI score 5.6 · EPSS 0.00342
Exploits 0 · References 9

Positive Technologies
added 2023/07/12 12:0 a.m. · 5 views

PT-2023-11892 · WordPress · The Coming Soon Page & Maintenance Mode

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save meta box function. This allo...

CVSS 4.3 · AI score 4.4 · EPSS 0.00405
Exploits 1 · References 11

OSV
added 2023/07/11 3:15 a.m. · 2 views

CVE-2023-2079

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...

CVSS 5.3 · AI score 7.3
Exploits 0 · References 4

Vulnrichment
added 2023/07/11 2:3 a.m. · 26 views

CVE-2023-2079 Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...

CVSS 7.1 · AI score 6.6 · EPSS 0.00285
Exploits 1 · References 4

CNNVD
added 2023/07/10 12:0 a.m. · 8 views

WordPress plugin Float menu cross-site scripting vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 4.8 · AI score 6.3 · EPSS 0.00543
Exploits 2 · References 2

OSV
added 2023/07/01 6:15 a.m. · 3 views

CVE-2021-4405

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epiosendautosuggestallowed function. This makes it possible for unauthenticated attackers to send allowed paramete...

CVSS 4.3 · AI score 5.6
Exploits 0 · References 9

OSV
added 2023/07/01 6:15 a.m. · 3 views

CVE-2021-4401

The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...

CVSS 8.8 · AI score 5.6 · EPSS 0.00435
Exploits 0 · References 9

OSV
added 2023/07/01 6:15 a.m. · 1 views

CVE-2021-4396

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the savercpostmeta function. This makes it possible for unauthenticated attackers to save post meta via a forged request grant...

CVSS 4.3 · AI score 5.6 · EPSS 0.0033
Exploits 0 · References 9

OSV
added 2023/07/01 6:15 a.m. · 3 views

CVE-2021-4398

The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the atsaveaturlmeta function. This makes it possible for unauthenticated attackers to update meta data vi...

CVSS 4.3 · AI score 5.6 · EPSS 0.0033
Exploits 0 · References 9

Prion
added 2023/07/01 6:15 a.m. · 18 views

Cross site request forgery (csrf)

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the userdatasynchronizationinitiater, coursesynchronizationinitiater, userslinktomoodlesynchronization,...

CVSS 6.8 · AI score 8.2 · EPSS 0.00366
Exploits 0 · References 9 · Affected Software 1