338 matches found
CVE-2023-1088 WP Plugin Manager < 1.1.8 - Arbitrary Plugin Activation via CSRF
The WP Plugin Manager WordPress plugin before 1.1.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0498 WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
CVE-2023-0504 HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF
The HT Politic WordPress plugin before 2.3.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
PT-2023-16316 · WordPress · Ht Politic Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: HT Politic WordPress plugin versions prior to 2.3.8
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...
PT-2023-16742 · WordPress · Wc Sales Notification
Name of the Vulnerable Software and Affected Versions: WC Sales Notification WordPress plugin versions prior to 1.2.3
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog v...
PT-2023-16744 · WordPress · Coupon Zen
Name of the Vulnerable Software and Affected Versions: Coupon Zen WordPress plugin versions prior to 1.0.6
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...
PT-2023-16312 · Unknown · Wp Film Studio
Name of the Vulnerable Software and Affected Versions: WP Film Studio version 1.3.4 and earlier
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
PT-2023-16741 · WordPress · Preview Link Generator
Name of the Vulnerable Software and Affected Versions: Preview Link Generator WordPress plugin versions prior to 1.0.4
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog...
PT-2023-16306 · WordPress · Ht Slider For Elementor
Name of the Vulnerable Software and Affected Versions: HT Slider For Elementor WordPress plugin versions prior to 1.4.0
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog...
PT-2023-16743 · WordPress · Wp Plugin Manager
Name of the Vulnerable Software and Affected Versions: WP Plugin Manager versions prior to 1.1.8
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack...
PT-2023-16308 · WordPress · Hm Portfolio
Name of the Vulnerable Software and Affected Versions: HT Portfolio WordPress plugin versions prior to 1.1.6
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...
PT-2023-16317 · WordPress · Ever Compare
Name of the Vulnerable Software and Affected Versions: Ever Compare WordPress plugin versions 1.2.3 and earlier
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a...
PT-2023-16309 · WordPress · Wp Education
Name of the Vulnerable Software and Affected Versions: WP Education WordPress plugin versions prior to 1.2.7
Description: The issue concerns the lack of a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF...
HT Easy GA4 ( Google Analytics 4 ) < 1.0.7 - Plugin Activation via CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks...
QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. PoC (activate woocommerce plugin exploit): fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...
HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. PoC (activate woocommerce plugin exploit): fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...
HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. PoC (activate woocommerce plugin exploit): fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...
WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. Activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...
HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. Activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...
WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
The plugin does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. PoC (activate woocommerce plugin exploit): fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...