338 matches found
WordPress Zigcy Cosmetics <= 1.0.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Zigcy Cosmetics versions <= 1.0.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WP Dependency Installer < 4.3.1 - Subscriber+ Arbitrary Plugin Activation
The wp-dependency-installer library, used in the plugins, does not have authorisation and CSRF checks in its dependencyinstaller AJAX action with the activate method, allowing any authenticated user, such as a subscriber, to activate arbitrary plugins installed on the blog. Furthermore, despite havin...
WordPress AccessPress Parallax theme <= 4.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress AccessPress Parallax theme versions <= 4.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Eight Sec theme <= 1.1.4 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Eight Sec theme versions <= 1.1.4. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Access Demo Importer plugin <= 1.0.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation
Cross-Site Request Forgery (CSRF) vulnerability leading to Arbitrary Plugin Activation discovered by Ex.Mi (Patchstack) in WordPress Access Demo Importer plugin versions <= 1.0.7. Solution: Update the WordPress Access Demo Importer plugin to the latest available version (at least 1.0.8)...
WordPress The Monday theme <= 1.4.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress The Monday theme versions <= 1.4.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress AccessPress Store theme <= 2.4.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress AccessPress Store theme versions <= 2.4.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Ripple theme <= 1.2.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Ripple theme versions <= 1.2.0. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress VMagazine Lite theme <= 1.3.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress VMagazine Lite theme versions <= 1.3.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Revolve theme <= 1.3.1 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Revolve theme versions <= 1.3.1. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress EightLaw Lite theme <= 2.1.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress EightLaw Lite theme versions <= 2.1.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Edict Lite theme <= 1.1.4 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Edict Lite theme versions <= 1.1.4. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Sakala theme <= 1.0.4 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Sakala theme versions <= 1.0.4. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Agency Lite theme <= 1.1.6 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Agency Lite theme versions <= 1.1.6. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Opstore theme <= 1.4.3 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Opstore theme versions <= 1.4.3. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Construction Lite theme <= 1.2.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Construction Lite theme versions <= 1.2.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress ScrollMe theme <= 2.1.0 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress ScrollMe theme versions <= 2.1.0. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Zigcy Lite theme <= 2.0.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Zigcy Lite theme versions <= 2.0.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
WordPress Accesspress Lite theme <= 2.92 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation
Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi (Patchstack) in WordPress Accesspress Lite theme versions <= 2.92. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...
CVE-2021-24703
The Download Plugin WordPress plugin before 1.6.1 does not have capability and CSRF checks in the dpwappluginactivate AJAX action, allowing any authenticated user, such as a subscriber, to activate plugins that are already installed...