
836 matches found

Patchstack
added 2022/10/24 12:00 a.m. · 36 views

WordPress SearchWP premium plugin <= 4.2.5 - Broken Authentication vulnerability

Broken Authentication vulnerability via Nonce Token Leakage Leading to Plugin Settings Change discovered by Dave Jong (Patchstack) in the WordPress SearchWP premium plugin (versions <= 4.2.5). Solution: Update the WordPress SearchWP plugin to the latest available version (at least 4.2.6)...

5.4 CVSS · 3.1 AI score · 0.00346 EPSS
Exploits 0 · Affected Software 1

wpexploit
added 2022/10/18 12:00 a.m. · 101 views

Chat Bubble < 2.3 - Unauthenticated Stored Cross-Site Scripting

The plugin does not sanitise and escape some contact parameters, which could allow unauthenticated attackers to set Stored Cross-Site Scripting payloads in them, which will trigger when an admin views the related contact message. Setup: - In the General Settings of the plugin, check the "Show Chat...

6.1 CVSS · 0.1 AI score · 0.01134 EPSS
Exploits 2

ATTACKERKB
added 2022/10/10 9:15 p.m. · 2 views

CVE-2022-2350

The Disable User Login WordPress plugin through 1.0.1 does not have authorisation and CSRF checks when updating its settings, allowing unauthenticated attackers to block or unblock users at will...

5.3 CVSS · 5.9 AI score · 0.00128 EPSS
Exploits 1 · References 2

Patchstack
added 2022/09/27 12:00 a.m. · 17 views

WordPress Manage Notification E-mails plugin <= 1.8.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Reset discovered by Muhammad Daffa (Patchstack Alliance) in WordPress Manage Notification E-mails plugin (versions <= 1.8.2). Solution: Update the WordPress Manage Notification E-mails plugin to the latest available version at lea...

4.4 AI score · 0.00112 EPSS
Exploits 0 · Affected Software 1

Patchstack
added 2022/09/27 12:00 a.m. · 19 views

WordPress TH Advance Product Search plugin <= 1.1.4 - Unauthenticated Plugin Settings Reset vulnerability

Unauthenticated Plugin Settings Reset vulnerability discovered by Rasi Afeef (Patchstack Alliance) in WordPress TH Advance Product Search plugin (versions <= 1.1.4). Solution: No patched version is available. Ignored by the vendor since Aug 2, 2022...

4 AI score · 0.00107 EPSS
Exploits 0 · Affected Software 1

Prion
added 2022/09/23 7:15 p.m. · 13 views

Cross site request forgery (csrf)

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change...

4.3 CVSS · 4.7 AI score · 0.00112 EPSS
Exploits 0 · References 2 · Affected Software 1

Vulnrichment
added 2022/09/23 6:34 p.m. · 7 views

CVE-2022-40132 WordPress Seriously Simple Podcasting plugin <= 2.16.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Seriously Simple Podcasting plugin <= 2.16.0 at WordPress, leading to plugin settings change...

5.4 CVSS · 5.5 AI score · 0.00112 EPSS
Exploits 0 · References 2

NVD
added 2022/09/23 3:15 p.m. · 8 views

CVE-2022-35238

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress...

6.5 CVSS · 0.00233 EPSS
Exploits 0 · References 2

CVE
added 2022/09/23 2:28 p.m. · 47 views

CVE-2022-35238

CVE-2022-35238 corresponds to an Unauthenticated Plugin Settings Change vulnerability in the WordPress Awesome Filterable Portfolio plugin (versions

6.5 CVSS · 5.4 AI score · 0.00233 EPSS
Exploits 0 · References 2 · Affected Software 1

Cvelist
added 2022/09/23 2:28 p.m. · 16 views

CVE-2022-35238 WordPress Awesome Filterable Portfolio plugin <= 1.9.7 - Unauthenticated Plugin Settings Change vulnerability

Unauthenticated Plugin Settings Change vulnerability in Awesome Filterable Portfolio plugin <= 1.9.7 at WordPress...

6.5 CVSS · 6.7 AI score · 0.00233 EPSS
Exploits 0 · References 2

CNNVD
added 2022/09/23 12:00 a.m. · 2 views

WordPress plugin Seriously Simple Podcasting cross-site request forgery vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...

5.4 CVSS · 5.2 AI score · 0.00112 EPSS
Exploits 0 · References 3

Cvelist
added 2022/09/21 7:00 p.m. · 16 views

CVE-2022-40219 WordPress FavIcon Switcher plugin <= 1.2.11 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SedLex FavIcon Switcher plugin <= 1.2.11 at WordPress allows plugin settings change...

5.4 CVSS · 5.9 AI score · 0.00088 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/09/21 12:00 a.m. · 2 views

PT-2022-25290 · Sedlex · Sedlex Favicon Switcher Plugin

Name of the Vulnerable Software and Affected Versions: SedLex FavIcon Switcher plugin versions 1.2.11 and earlier. Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which allows changes to plugin settings. This type of vulnerability enables an attacker to perfor...

5.4 CVSS · 4.5 AI score · 0.00088 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2022/09/19 2:15 p.m. · 1 views

CVE-2022-3142

The NEX-Forms WordPress plugin before 7.9.7 does not properly sanitise and escape user input before using it in SQL statements, leading to SQL injections. The attack can be executed by anyone who is permitted to view the forms statistics chart, by default administrators, however can be configured...

8.8 CVSS · 7.3 AI score · 0.08041 EPSS
Exploits 5 · References 6

NVD
added 2022/09/09 3:15 p.m. · 6 views

CVE-2022-36793

Unauthenticated Plugin Settings Change & Data Deletion vulnerabilities in WP Shop plugin = 3.9.6 at WordPress...

9.1 CVSS · 0.00452 EPSS
Exploits 0 · References 2

Positive Technologies
added 2022/09/09 12:00 a.m. · 3 views

PT-2022-24177 · WordPress · Wp Shamsi

Name of the Vulnerable Software and Affected Versions: WP Shamsi plugin versions = 4.1.1. Description: The issue is related to an authenticated plugin setting change vulnerability. This means that an attacker with subscriber or higher privileges can change plugin settings. The estimated number of...

4.3 CVSS · 4.4 AI score · 0.00293 EPSS
Exploits 0 · References 5

ATTACKERKB
added 2022/09/06 6:15 p.m. · 0 views

CVE-2022-2515

The Simple Banner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the proversionactivationcode parameter in versions up to, and including, 2.11.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, including those...

6.4 CVSS · 6.3 AI score · 0.00351 EPSS
Exploits 1 · References 5

NVD
added 2022/09/06 6:15 p.m. · 8 views

CVE-2022-2540

The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the adminpage function found in the /admin.php file. This makes it possible for unauthenticated...

8.8 CVSS · 0.00183 EPSS
Exploits 0 · References 3

Prion
added 2022/09/06 6:15 p.m. · 14 views

Cross site request forgery (csrf)

The Stockists Manager for Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2.1. This is due to missing nonce validation on the stockistsettingsmain function. This makes it possible for unauthenticated attackers to modify the plugin...

5.8 CVSS · 5.8 AI score · 0.0021 EPSS
Exploits 0 · References 4 · Affected Software 1

Patchstack
added 2022/09/01 12:00 a.m. · 13 views

WordPress Captcha Code plugin <= 2.7 - Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update

Cross-Site Request Forgery (CSRF) vulnerability leading to Plugin Settings Update discovered by Rasi Afeef (Patchstack Alliance) in WordPress Captcha Code plugin (versions <= 2.7). Solution: Update the WordPress Captcha Code plugin to the latest available version (at least 2.8)...

8.8 CVSS · 4 AI score · 0.00109 EPSS
Exploits 0 · Affected Software 1