17 matches found
EUVD-2020-24192
Malware in sbrugna...
EUVD-2025-17081
Malicious code in bioql PyPI...
EUVD-2021-34211
Malicious code in bioql PyPI...
CVE-2025-6064
The WP URL Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing or incorrect nonce validation on the 'urlshortenersettings' page. This makes it possible for unauthenticated attackers to update settings and...
CVE-2024-8319
The Tourfic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.11.20. This is due to missing or incorrect nonce validation on the tforderstatusemailresendfunction, tfvisitordetailseditfunction, tfcheckinoutdetailseditfunction,...
CVE-2024-1339
The ImageRecycle pdf & image compression plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.1.13. This is due to missing or incorrect nonce validation on the reinitialize function. This makes it possible for unauthenticated attackers to remove...
CVE-2024-0433
The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. This is due to missing or incorrect nonce validation on the 'ajaxunsetdefaultcard' function. This makes it possible for unauthenticated attackers to remove...
CVE-2024-1777
The Admin side data storage for Contact Form 7 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the settings update function. This makes it possible for unauthenticated attackers t...
CVE-2024-11417
The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djoeinstellungenmenue function. This makes it possible for unauthenticated attackers to...
CVE-2023-3203
The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstoreupdatelimitproduct function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a...
CVE-2020-36760
The Ocean Extra plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the addcoreextensionsbundlevalidation function. This makes it possible for unauthenticated attackers to validate...
CVE-2024-13710
CVE-2024-13710 affects the WordPress plugin Estatebud – Properties & Listings. It is a Cross-Site Request Forgery vulnerability on the Estatebud_settings page that can let unauthenticated attackers update plugin settings by tricking an admin into performing an action. The issue affects all versio...
CVE-2024-13768
The CITS Support svg, webp Media and TTF,OTF File Upload, Use Custom Fonts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation on the citsassignfontstab function. This makes it possible fo...
CVE-2025-2163
The Zoorum Comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the zoorumsetoptions function. This makes it possible for unauthenticated attackers to update settings and inject...
CVE-2024-12218
CVE-2024-12218 affects the WordPress plugin WooCommerce check pincode/zipcode for shipping . Root cause: missing/incorrect nonce validation enabling Cross-Site Request Forgery in all versions up to and including 2.0.4. Impact: unauthenticated attackers can forge requests that trick a site adminis...
CVE-2024-11336
The Clickbank WordPress Plugin Storefront plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.7. This is due to missing or incorrect nonce validation via the csmenu page. This makes it possible for unauthenticated attackers to update settings a...
PT-2023-16700 · WordPress · Wp Meta Seo
Name of the Vulnerable Software and Affected Versions: WP Meta SEO plugin for WordPress versions up to, and including, 4.5.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the setIgnore function. This allows unauthenticated attacker...