CVE-2021-4402 Multiple Roles <= 1.3.1 - Cross-Site Request Forgery Bypass
The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. This is due to missing or incorrect nonce validation on the muaddrolesinsignupmeta and muaddrolesinsignupmetarecently functions. This makes it possible for unauthenticated...
CVE-2021-4398 Amministrazione Trasparente <= 7.1 - Cross-Site Request Forgery Bypass
The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. This is due to missing or incorrect nonce validation on the atsaveaturlmeta function. This makes it possible for unauthenticated attackers to update meta data vi...
CVE-2021-4396 Rucy <= 0.4.4 - Cross-Site Request Forgery Bypass
The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. This is due to missing or incorrect nonce validation on the savercpostmeta function. This makes it possible for unauthenticated attackers to save post meta via a forged request grant...
CVE-2020-36744
The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generateconversions function. This makes it possible for unauthenticated attackers to generate conversions via a...
CVE-2021-4392
The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. This is due to missing or incorrect nonce validation on the implecodesaveproductsmeta function. This makes it possible for unauthenticated...
CVE-2020-36737
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...
CVE-2021-4386
The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. This is due to missing or incorrect nonce validation on the save function. This makes it possible for unauthenticated attackers to modify the plugin's settings via a...
CVE-2020-36738
The Cool Timeline Horizontal & Vertical Timeline plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctlsave function. This makes it possible for unauthenticated attackers to save fie...
CVE-2021-4385
The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the savegroups function. This makes it possible for unauthenticated attackers to add new group members via a...
Cross site request forgery (csrf)
The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astraadminerrors function. This makes it possible for unauthenticated attackers to display ...
CVE-2023-3411 Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite <= 1.0.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting
The Image Map Pro – Drag-and-drop Builder for Interactive Images – Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. This is due to missing nonce validation on the ajaxstoresave function. This makes it possible for unauthenticated...
CVE-2023-3320
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the /admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and injec...
Cross site request forgery (csrf)
The WP Sticky Social plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1. This is due to missing nonce validation in the /admin/views/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and injec...
PT-2023-24217 · WordPress · Wp Sticky Social
Name of the Vulnerable Software and Affected Versions: WP Sticky Social plugin for WordPress versions up to, and including, 1.0.1 Description: The issue is due to missing nonce validation in the /admin/views/admin.php file, making it possible for unauthenticated attackers to modify the plugin's...
CVE-2023-3198
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatestatusordermessage function. This makes it possible for unauthenticated attackers to update status order message via a forged request granted they can trick a site...
CVE-2023-3200
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatenewordermessage function. This makes it possible for unauthenticated attackers to update new order message via a forged request granted they can trick a site...
CVE-2023-3201
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatenewordertitle function. This makes it possible for unauthenticated attackers to update new order title via a forged request granted they can trick a site administrato...