Social Media Feather < 2.1.4 - Subscriber+ Unauthorised Action
Description: The plugin does not have authorisation in a function, allowing any authenticated users, such as subscriber to call it...
CVE-2021-24969
The WordPress Download Manager WordPress plugin before 3.2.22 does not sanitise and escape Template data before outputting it in various pages such as admin dashboard and frontend. Due to the lack of authorisation and CSRF checks in the wpdmsavetemplate AJAX action, any authenticated users such a...
CRM: Contact Management Simplified – UkuuPeople <= 1.6.3 - Unauthorised Favourite Addition/Deletion
The plugin does not properly check for CSRF in its ukuuaddtofav AJAX action, allowing attackers to make logged-in users call it and add or delete arbitrary favourite posts. To delete a favourite To Add a favourite...
Food Store < 1.3.7 - Unauthorised AJAX call via CSRF
The plugin did not properly check for CSRF in its AJAX actions, allowing attackers to make users perform unwanted actions via a CSRF attack, such as adding a product add-on for users with the editproducts capability, as well as adding/removing arbitrary products to the basket of the targeted user...