6 matches found
CVE-2026-4650
The FundPress – WordPress Donation Plugin for WordPress is vulnerable to authorization bypass in versions up to and including 2.0.8. This is due to missing authorization and nonce verification in the donateactionstatus AJAX handler, which is registered to be accessible to unauthenticated users vi...
PT-2025-44236
Name of the Vulnerable Software and Affected Versions: Doppler Forms WordPress plugin versions through 2.5.1 Description: The Doppler Forms WordPress plugin registers an AJAX action, install extension, without proper verification of user capabilities or the use of a nonce. This allows any...
CVE-2022-1630
The WP-EMail WordPress plugin before 2.69.0 does not protect its log deletion functionality with nonce checks, allowing an attacker to make a logged-in admin delete logs via a CSRF attack...
CVE-2022-36968
In Progress WS_FTP Server prior to version 8.7.3, forms within the administrative interface did not include a nonce to mitigate the risk of cross-site request forgery (CSRF) attacks...
CVE-2024-4665
EventPrime WordPress plugin before 3.5.0 contains a permissions validation flaw in the booking update flow, allowing a user to modify or cancel bookings for other users. The issue is compounded by the absence of a nonce to protect the operation. Impact, as documented, is limited to unauthorized c...
PT-2022-24015 · WordPress +1 · Ask Me
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue allows for the deletion of a post without using a nonce or prompting for confirmation, which is a result of a CSRF vulnerability. Recommendations: At the moment, there is no...