CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

338 matches found

WPVulnDB•added 2023/02/28 12:0 a.m.•14 views

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.4AI score0.00097EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/02/28 12:0 a.m.•13 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

6.5CVSS6.7AI score0.00144EPSS

Exploits2Affected Software1

wpexploit•added 2023/02/28 12:0 a.m.•94 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.6AI score0.00835EPSS

Exploits2

wpexploit•added 2023/02/28 12:0 a.m.•100 views

QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers...

4.3CVSS5.6AI score0.00097EPSS

Exploits2

WPVulnDB•added 2023/02/28 12:0 a.m.•23 views

HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF

4.3CVSS3.1AI score0.00106EPSS

Exploits2Affected Software1

wpexploit•added 2023/02/28 12:0 a.m.•103 views

HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00097EPSS

Exploits2

WPVulnDB•added 2023/02/28 12:0 a.m.•12 views

Coupon Zen < 1.0.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.1AI score0.00097EPSS

Exploits2Affected Software1

wpexploit•added 2023/02/28 12:0 a.m.•129 views

HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00135EPSS

Exploits2

WPVulnDB•added 2023/02/28 12:0 a.m.•19 views

Preview Link Generator < 1.0.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack PoC fetch'https://example.com/wp-admin/admin-ajax.php', method: 'POST', headers: new Headers 'Content-Type':...

4.3CVSS5.4AI score0.00835EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/02/28 12:0 a.m.•13 views

WP News <= 1.1.9 - Arbitrary Plugin Activation via CSRF

6.5CVSS6.7AI score0.00144EPSS

Exploits2Affected Software1

wpexploit•added 2023/02/28 12:0 a.m.•99 views

WP Insurance < 2.1.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

6.5CVSS6.9AI score0.00144EPSS

Exploits2

wpexploit•added 2023/02/28 12:0 a.m.•119 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.2AI score0.00097EPSS

Exploits2

wpexploit•added 2023/02/28 12:0 a.m.•90 views

HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00106EPSS

Exploits2

wpexploit•added 2023/02/28 12:0 a.m.•95 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST', headers: new...

4.3CVSS5.6AI score0.00097EPSS

Exploits2

wpexploit•added 2023/02/28 12:0 a.m.•103 views

Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF

Description The plugin does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack activate woocommerce plugin exploit: fetch'http://localhost/wp-admin/admin-ajax.php', method: 'POST',...

4.3CVSS5.1AI score0.00097EPSS

Exploits2

WPVulnDB•added 2023/02/28 12:0 a.m.•16 views

Ever Compare < 1.2.4 - Arbitrary Plugin Activation via CSRF

4.3CVSS5.1AI score0.00097EPSS

Exploits2Affected Software1

WPVulnDB•added 2023/02/28 12:0 a.m.•13 views

Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF

4.3CVSS5.4AI score0.00097EPSS

Exploits2Affected Software1

NVD•added 2023/02/17 3:15 p.m.•9 views

CVE-2023-23899

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

4.3CVSS4.8AI score0.00097EPSS

Exploits0References1

Prion•added 2023/02/17 3:15 p.m.•16 views

Cross site request forgery (csrf)

Cross-Site Request Forgery CSRF vulnerability in HasThemes Extensions For CF7 plugin = 2.0.8 versions leads to arbitrary plugin activation...

4.3CVSS4.9AI score0.00097EPSS

Exploits0References1Affected Software1

Positive Technologies•added 2023/02/17 12:0 a.m.•9 views

PT-2023-19289 · Unknown · Hasthemes Extensions For Cf7

Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 plugin versions = 2.0.8 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability, which can lead to arbitrary plugin activation. This means an attacker could potentially activate any...

4.3CVSS4.6AI score0.00097EPSS

Exploits0References4

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by