CVE-2021-4389

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...

CVE-2020-36746

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswpsavemeta function. This makes it possible for unauthenticated attackers to save meta data via a forged reque...

CVE-2020-36753

The Hueman theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.3. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save metabox data via a forged request...

CVE-2020-36751

The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the savemeta function. This makes it possible for unauthenticated attackers to save meta fields via a forged request...

WordPress Plugin Coupon Creator Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

WordPress theme Hueman Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform developed in PHP by the WordPress Foundation. The platform supports personal blog sites on PHP and MySQL servers.WordPress theme is a theme for WordPress. A security vulnerability exists in WordPress theme Hueman, which stems from a missing or incorrect random...

CVE-2020-36752

The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to missing or incorrect nonce validation on the savemetabox function. This makes it possible for unauthenticated attackers to save meta boxe...

PT-2023-11892 · WordPress · The Coming Soon Page & Maintenance Mode

Name of the Vulnerable Software and Affected Versions: Coming Soon & Maintenance Mode Page plugin for WordPress versions up to, and including, 1.57 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save meta box function. This allo...

CVE-2021-4389

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. This is due to missing or incorrect nonce validation on the savemetadata function. This makes it possible for unauthenticated attackers to save metadata for travel posts via a...

WordPress Plugin Menu Swapper 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A cross-site request forgery...

PT-2023-11886 · WordPress · Menu Swapper

Name of the Vulnerable Software and Affected Versions: Menu Swapper plugin for WordPress versions up to, and including, 1.1.0.2 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the mswp save meta function. This allows unauthenticated...