1114 matches found
Cross site request forgery (csrf)
The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metaboxpopupsave function. This makes it possible for unauthenticated attackers to save meta tags via a forged...
Cross site request forgery (csrf)
The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport function. This makes it possible for unauthenticated attackers to trigger a CSV export via a...
Cross site request forgery (csrf)
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2021-4424 Slider Hero <= 8.2.0 - Cross-Site Request Forgery Bypass
The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qcsliderheroduplicate function. This makes it possible for unauthenticated attackers to duplicate slides via a forg...
CVE-2023-2517
The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalinksetup function. This makes it possible for unauthenticated attackers to change...
Cross site request forgery (csrf)
The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the armcheckusercap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized action...
Cross site request forgery (csrf)
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatefirebaseserverkey function. This makes it possible for unauthenticated attackers to update the firebase server key to push notification when order status changed via ...
CVE-2021-4415
The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshineproductsquicksavepost function. This makes it possible for unauthenticated attackers to save custom...
CVE-2021-4407
The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...
CVE-2021-4411
The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpepdownloadtransactioninexcel function. This makes it possible for unauthenticated attackers...
CVE-2021-4410
The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the savepostdata function. This makes it possible for unauthenticated attackers to save post data via a forged...
PT-2023-11892 · WordPress · The Coming Soon Page & Maintenance Mode
Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save meta box function. This allo...
CVE-2023-2079
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...
CVE-2023-2079 Buy Me a Coffee – Button and Widget Plugin <= 3.7 - Cross-Site Request Forgery
The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recievepost, bmcdisconnect, namepost, and widgetpost functions in versions up to, and including, 3.7. This makes it possible for unauthenticated...
WordPress plugin Float menu cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...
CVE-2021-4405
The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. This is due to missing or incorrect nonce validation on the epiosendautosuggestallowed function. This makes it possible for unauthenticated attackers to send allowed paramete...
CVE-2021-4401
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the updatepostsstylekit function. This makes it possible for unauthenticated attackers to update style kits for posts vi...
CVE-2021-4396
The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the savercpostmeta function. This makes it possible for unauthenticated attackers to save post meta via a forged request grant...
CVE-2021-4398
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the atsaveaturlmeta function. This makes it possible for unauthenticated attackers to update meta data vi...
Cross site request forgery (csrf)
The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.6. This is due to missing or incorrect nonce validation on the userdatasynchronizationinitiater, coursesynchronizationinitiater, userslinktomoodlesynchronization,...