CVE-2024-37450

Summary: CVE-2024-37450 is a CSRF vulnerability in the WordPress Benevolent theme, affecting versions 1.3.4 and earlier. The underlying issue is cross-site request forgery in the Benevolent plugin/theme, enabling unauthorized actions when a logged-in user visits a malicious page. Impact metrics r...

CVE-2024-37450 WordPress Benevolent theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Benevolent benevolent allows Cross Site Request Forgery.This issue affects Benevolent: from n/a through = 1.3.4...

CVE-2024-37435 WordPress Perfect Portfolio theme <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Perfect Portfolio allows Cross Site Request Forgery.This issue affects Perfect Portfolio: from n/a through 1.2.0...

CVE-2024-37435

CVE-2024-37435 describes a Cross-Site Request Forgery (CSRF) in the WordPress theme “Perfect Portfolio.” Affected: Perfect Portfolio versions up to 1.2.0 (listed as from n/a through 1.2.0). Root cause: CSRF enabling unauthorized actions via crafted requests. Impact (per CVSS v3.1 in the sources):...

CVE-2024-37426 WordPress Elegant Pink theme 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Elegant Pink elegant-pink allows Cross Site Request Forgery.This issue affects Elegant Pink: from n/a through = 1.3.0...

CVE-2024-37421 WordPress JobScout theme <= 1.1.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme JobScout jobscout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through = 1.1.4...

CVE-2024-37413 WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Rara Theme Preschool and Kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through 1.2.1...

CVE-2024-37413 WordPress Preschool and Kindergarten theme <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Preschool and Kindergarten preschool-and-kindergarten allows Cross Site Request Forgery.This issue affects Preschool and Kindergarten: from n/a through = 1.2.1...

CVE-2024-37413

CVE-2024-37413 is a CSRF vulnerability in the WordPress theme Preschool and Kindergarten (versions

CVE-2024-37272 WordPress Travel Monster theme <= 1.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in WP Travel Engine Travel Monster allows Cross Site Request Forgery.This issue affects Travel Monster: from n/a through 1.1.2...

CVE-2024-37243 WordPress Vandana Lite theme <= 1.1.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in blossomthemes Vandana Lite vandana-lite allows Cross Site Request Forgery.This issue affects Vandana Lite: from n/a through = 1.1.9...

CVE-2024-37243

The CVE-2024-37243 entry concerns a Cross-Site Request Forgery (CSRF) vulnerability in Blossom Themes Vandana Lite (WordPress theme). Affected versions are Vandana Lite up to 1.1.9; the issue enables unauthorized actions on behalf of an authenticated user. The public material identifies the root ...

CVE-2024-37104 WordPress Chic Lite theme <= 1.1.3 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Chic Lite chic-lite allows Cross Site Request Forgery.This issue affects Chic Lite: from n/a through = 1.1.3...

CVE-2024-37103

CVE-2024-37103 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress Education Zone theme, affecting Education Zone versions n/a through 1.3.4. Public docs summarize it as CSRF without detailing exploit vectors or root causes beyond the CSRF nature, and there is no explicit exploi...

CVE-2024-37103 WordPress Education Zone theme <= 1.3.4 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in raratheme Education Zone education-zone allows Cross Site Request Forgery.This issue affects Education Zone: from n/a through = 1.3.4...

CVE-2024-56046

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS allows Upload a Web Shell to a Web Server.This issue affects WPLMS: from n/a through 1.9.9...

CVE-2024-56234

Technical details for CVE-2024-56234 are not provided in the supplied documents. No concrete information on affected products, root cause, impact, or remediation is available here; monitor for official advisories and vendor updates.

WordPress VW Automobile Lite theme <= 2.1 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Fariq Fadillah Gusti Insani in WordPress Theme VW Automobile Lite versions = 2.1...

WordPress Kleo theme < 5.4.4 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Rafie Muhammad Patchstack in WordPress Theme Kleo versions 5.4.4...

CVE-2024-11926

The Travel Booking WordPress Theme theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'stPartnerCreateServiceRental', 'stdeleteorderitem', 'stpartnerapprovebooking', 'saveorderitem', and 'userDenyEachInfo' functions in all versions up t...