152 matches found
CVE-2024-8093
The Posts reminder WordPress plugin through 0.20 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-38800 · WordPress · Posts Reminder Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: The Posts reminder WordPress plugin versions 0.20 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could...
CVE-2024-7862
The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-7820
The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-38606 · WordPress · Ilc Thickbox
Name of the Vulnerable Software and Affected Versions: ILC Thickbox WordPress plugin version 1.0 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For ILC...
CVE-2024-6856
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-6925
The TrueBooker WordPress plugin before 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-6852
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-37963 · WordPress · Truebooker
Name of the Vulnerable Software and Affected Versions: The TrueBooker WordPress plugin versions prior to 1.0.3 Description: The issue is related to the lack of a CSRF check when updating settings in the plugin. This could allow attackers to make a logged-in admin change settings via a CSRF attack...
WordPress plugin WP Job Portal 路径遍历漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A path traversal...
WordPress WP Accessibility Helper plugin <= 0.6.2.8 - Missing Authorization to Authenticated (Subscriber+) Limited Settings Update vulnerability
Missing Authorization to Authenticated Subscriber+ Limited Settings Update vulnerability discovered by Lucio Sá in WordPress Plugin WP Accessibility Helper WAH versions = 0.6.2.8...
CVE-2024-5287
The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack...
CVE-2024-3632
The Smart Image Gallery WordPress plugin before 1.0.19 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
CVE-2024-6022
The ContentLock WordPress plugin through 1.0.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-37325 · WordPress · Content Blocks
Name of the Vulnerable Software and Affected Versions: ContentLock WordPress plugin versions 1.0.0 through 1.0.3 Description: The issue is related to the lack of a CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack...
CVE-2024-3965
The Pray For Me WordPress plugin through 1.0.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-32636 · WordPress · Wp Prayer Ii
Name of the Vulnerable Software and Affected Versions: WP Prayer II WordPress plugin versions 2.4.7 and earlier Description: The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Recommendations: For WP...
CVE-2024-3711
CVE-2024-3711 affects the Brizy – Page Builder for WordPress. The flaw enables an unauthorized plugin settings update due to a missing capability check in the functions action_request_disable, action_change_template, and action_request_enable, in all versions up to and including 2.4.43. Consequen...
CVE-2024-3405
The WP Prayer WordPress plugin through 2.0.9 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...
PT-2024-28484 · WordPress · Recaptcha Jetpack Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: reCAPTCHA Jetpack WordPress plugin versions prior to 0.3 Description: The issue concerns a lack of CSRF check when updating settings, potentially allowing attackers to manipulate a logged-in admin into changing them via a CSRF attack...