CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS6.8AI score0.00097EPSS

Exploits2References1

Vulnrichment•added 2023/08/30 11:29 a.m.•5 views

CVE-2023-4600

The AffiliateWP for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'affwpactivateaddonspageplugin' function called via an AJAX action in versions up to, and including, 2.14.0. This makes it possible for authenticated attackers, with...

4.3CVSS6.6AI score0.0009EPSS

Exploits0References2

OSV•added 2023/03/27 4:15 p.m.•0 views

CVE-2023-1089

The Coupon Zen WordPress plugin before 1.0.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack...

4.3CVSS5.9AI score0.00097EPSS

Exploits2References1

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by