1114 matches found

Prion
added 2023/06/03 5:15 a.m. · 23 views

Cross site request forgery (csrf)

The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6.4. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin...

CVSS 5.8 · AI score 5.8 · EPSS 0.00293
Exploits 1 · References 3 · Affected Software 1

OSV
added 2023/06/03 12:15 a.m. · 4 views

CVE-2023-3055

The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azhsave' function. This makes it possible for unauthenticated attackers to update the post content an...

CVSS 4.3 · AI score 6.5 · EPSS 0.00208
Exploits 0 · References 2

Positive Technologies
added 2023/06/03 12:0 a.m. · 8 views

PT-2023-18825 · Vcita · Contact Form/Calls To Action

Name of the Vulnerable Software and Affected Versions: Contact Form and Calls To Action by vcita plugin for WordPress versions up to, and including, 2.6.4

Description: The issue is due to missing nonce validation in the vcita-callback.php file, making it possible for unauthenticated attackers to...

CVSS 6.1 · AI score 6.5 · EPSS 0.00293
Exploits 1 · References 9

ATTACKERKB
added 2023/05/31 3:15 a.m. · 7 views

CVE-2023-2549

The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions starting from 1.0.7 up to, and including, 1.1.1. This is due to missing nonce validation in the 'createTempAccountLink' function. This makes it possible for unauthenticated attackers to create a ne...

CVSS 8.8 · AI score 7.1 · EPSS 0.00714
Exploits 2 · References 3 · Affected Software 1

OSV
added 2023/05/30 8:15 a.m. · 7 views

CVE-2023-0766

The Newsletter Popup WordPress plugin through 1.2 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks as the wpnewslettershowlocalrecord page is not protected with a nonce...

CVSS 8.8 · AI score 7.3 · EPSS 0.00389
Exploits 2 · References 1

Positive Technologies
added 2023/05/30 12:0 a.m. · 10 views

PT-2023-16514 · WordPress · Newsletter Popup

Name of the Vulnerable Software and Affected Versions: The Newsletter Popup WordPress plugin versions 1.2 and earlier

Description: The issue concerns a lack of CSRF checks in certain areas of the plugin, which could allow attackers to perform unwanted actions on behalf of logged-in users through...

CVSS 8.8 · AI score 9.5 · EPSS 0.00389
Exploits 2 · References 4

ATTACKERKB
added 2023/05/20 3:15 a.m. · 8 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

CVSS 8 · AI score 7.1 · EPSS 0.00399
Exploits 0 · References 5

OSV
added 2023/05/20 3:15 a.m. · 3 views

CVE-2023-2717

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation on the 'enablesafemode' function. This makes it possible for unauthenticated attackers to enable safe mode, which disables all other...

CVSS 4.3 · AI score 5.8 · EPSS 0.00303
Exploits 0 · References 3

NVD
added 2023/05/20 3:15 a.m. · 11 views

CVE-2023-2736

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

CVSS 8 · AI score 7.3 · EPSS 0.00399
Exploits 0 · References 4

Prion
added 2023/05/20 3:15 a.m. · 20 views

Cross site request forgery (csrf)

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

CVSS 6 · AI score 7.4 · EPSS 0.00399
Exploits 0 · References 4 · Affected Software 1

Vulnrichment
added 2023/05/20 2:3 a.m. · 8 views

CVE-2023-2736 Groundhogg <= 2.7.9.8 - Cross-Site Request Forgery to Privilege Escalation

The Groundhogg plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.9.8. This is due to missing nonce validation in the 'ajaxeditcontact' function. This makes it possible for authenticated attackers to receive the auto login link via shortcode and...

CVSS 7.5 · AI score 7.1 · EPSS 0.00399
Exploits 0 · References 4

Snyk
added 2023/05/16 12:0 a.m. · 3 views

Cross-site Request Forgery (CSRF)

Overview: johnpbloch/wordpress-core is a web software you can use to create a website or blog. Affected versions of this package are vulnerable to Cross-site Request Forgery (CSRF) due to missing nonce validation on the wpajaxsetattachmentthumbnail AJAX function. An attacker can update the thumbnail...

CVSS 5.1 · AI score 6.8
Exploits 0 · References 2

Prion
added 2023/04/20 6:15 p.m. · 16 views

Cross site request forgery (csrf)

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any...

CVSS 4.3 · AI score 6.5 · EPSS 0.00295
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2023/04/20 5:14 p.m. · 6 views

CVE-2023-30616 Cross Site Request Forgery due to missing nonce verification in form block

Form block is a wordpress plugin designed to make form creation easier. Versions prior to 1.0.2 are subject to a Cross-Site Request Forgery due to a missing nonce check. There is potential for a Cross Site Request Forgery for all form blocks, since it allows to send requests to the forms from any...

CVSS 6.5 · AI score 6.6 · EPSS 0.00295
Exploits 0 · References 2

Positive Technologies
added 2023/04/20 12:0 a.m. · 4 views

PT-2023-22813 · WordPress · Form Block

Name of the Vulnerable Software and Affected Versions: Form block versions prior to 1.0.2

Description: The Form block WordPress plugin is subject to a Cross-Site Request Forgery (CSRF) due to a missing nonce check. This allows requests to be sent to forms from any website without the user's...

CVSS 6.5 · AI score 6.4 · EPSS 0.00295
Exploits 0 · References 7

ATTACKERKB
added 2023/04/06 9:15 p.m. · 2 views

CVE-2023-1927

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...

CVSS 4.3 · AI score 6.6 · EPSS 0.00227
Exploits 0 · References 4

OSV
added 2023/04/06 9:15 p.m. · 3 views

CVE-2023-1927

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCssAndJsCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache...

CVSS 4.3 · AI score 6.5 · EPSS 0.00227
Exploits 0 · References 2

OSV
added 2023/04/06 8:15 p.m. · 2 views

CVE-2023-1918

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpreloadsinglecallback function. This makes it possible for unauthenticated attackers to invoke a cache...

CVSS 4.3 · AI score 6.5
Exploits 0 · References 2

ATTACKERKB
added 2023/04/06 8:15 p.m. · 1 view

CVE-2023-1926

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the deleteCacheToolbar function. This makes it possible for unauthenticated attackers to perform cache deletion vi...

CVSS 4.3 · AI score 6.6 · EPSS 0.00227
Exploits 0 · References 4

Vulnrichment
added 2023/04/06 7:56 p.m. · 8 views

CVE-2023-1922 WP Fastest Cache <= 1.1.2 - Cross-Site Request Forgery via 'wpfc_pause_cdn_integration_ajax_request_callback'

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcpausecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 · AI score 5.8 · EPSS 0.00227
Exploits 0 · References 2