Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.18 views

Inline Related Posts < 3.4.0 - Tracking Toggle via CSRF

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on the managertrackingOn and managertrackingOff functions. This makes it possible for unauthenticated attackers to turn tracking on and off via a forged request granted they can trick a...

4.3CVSS4.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.12 views

WebinarIgnition < 3.06.0 - Cross-Site Request Forgery

Description The WebinarIgnition plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.05.8. This is due to missing or incorrect nonce validation on the delete action. This makes it possible for unauthenticated attackers to delete settings via a forge...

8.8CVSS6.4AI score0.00236EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

Before And After <= 3.9 - Cross-Site Request Forgery

Description The Before And After plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.9. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...

4.3CVSS6.6AI score0.00212EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.17 views

eCommerce Product Catalog < 3.3.29 - Cross-Site Request Forgery

Description The eCommerce Product Catalog plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.28. This is due to missing or incorrect nonce validation on the handlemode function. This makes it possible for unauthenticated attackers to change mode...

4.3CVSS6.4AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.12 views

Zoho Campaigns < 2.0.8 - Cross-Site Request Forgery via zcwc_optin_save

Description The Zoho Campaigns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the zcwcoptinsave function. This makes it possible for unauthenticated attackers to update the optin...

8.8CVSS6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

GEO my WordPress < 4.2 - Cross-Site Request Forgery

Description The GEO my WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform unauthorized actions via a...

5.4CVSS6.5AI score0.00209EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

Download IP2Location Country Blocker < 2.34.3 - Cross-Site Request Forgery

Description The Download IP2Location Country Blocker plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.34.2. This is due to missing or incorrect nonce validation on the validateapikey function. This makes it possible for unauthenticated attackers...

8.8CVSS6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

Libsyn Publisher Hub <= 1.4.4 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Libsyn Publisher Hub plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.4.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above, t...

6.5CVSS5.8AI score0.00331EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.14 views

Easy Contact Form Lite < 1.1.25 - Authenticated (Contributor+) Stored Cross-Site Scripting

Description The Easy Contact Form Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.1.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level access and above...

6.5CVSS5.8AI score0.00328EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

SSL Zen <= 4.5.3 - Unauthenticated Private Keys Access

Description The plugin only relies on the use of .htaccess to prevent visitors from accessing the site's generated private keys, which allows an attacker to read them if the site runs on a server who doesn't support .htaccess files, like NGINX. PoC Install the plugin on a server that doesn't...

6.2AI score0.00413EPSS
Exploits2Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

AWP Classifieds < 4.3.2 - Cross-Site Request Forgery

Description The AWP Classifieds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.1. This is due to missing or incorrect nonce validation on the ajax function. This makes it possible for unauthenticated attackers to edit balances via a forged...

4.3CVSS6.4AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.21 views

MultiParcels Shipping For WooCommerce < 1.16.9 - Cross-Site Request Forgery

Description The MultiParcels Shipping For WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.16.9 exclusive. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perfo...

4.3CVSS6.7AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.19 views

WP Meta SEO < 4.5.13 - Unauthenticated Password Protected Content Access

Description The plugin is vulnerable to Sensitive Information Exposure via the meta description, allowing unauthenticated attackers to disclose potentially sensitive information via the meta description of password-protected posts...

5.3CVSS6.3AI score0.00438EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

HT Mega < 2.5.0 - Contributor+ Stored XSS via Image Grid Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Image Grid widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages th...

6.4CVSS5.7AI score0.00423EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

Filter Custom Fields & Taxonomies Light <= 1.05 - Missing Authorization

Description The Filter Custom Fields & Taxonomies Light plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.05. This makes it possible for authenticated attackers, with subscriber-level access and above,...

8.8CVSS6.7AI score0.00351EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

Legal Pages < 1.4.3 - Cross-Site Request Forgery

Description The Legal Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.2. This is due to missing or incorrect nonce validation on the uninstallreasonsubmission function. This makes it possible for unauthenticated attackers to submit an...

4.3CVSS6.4AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.10 views

Essential Addons for Elementor < 5.9.15 - Contributor+ Store XSS via Widget URL

Description The plugin is vulnerable to Stored Cross-Site Scripting via the URL attributes of widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.8AI score0.00402EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.18 views

Church Content – Sermons, Events and More < 2.6.1 - Cross-Site Request Forgery to Notice Dismissal

Description The Church Content – Sermons, Events and More plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.6. This is due to missing or incorrect nonce validation on the ctchidethemesupportnotice function. This makes it possible for...

4.3CVSS6.6AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

Sync Post With Other Site < 1.5.2 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as...

7.1CVSS6.8AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.28 views

Ovic Addon Toolkit <= 2.6.1 - Missing Authorization

Description The Ovic Addon Toolkit plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 2.6.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to perform an...

4.3CVSS6.2AI score0.0046EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

HT Mega < 2.4.7 - Contributor+ Stored XSS via Lightbox Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's lightbox widget due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to inject...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

WpTravelly < 1.6.1 - Cross-Site Request Forgery

Description The WpTravelly plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the quicksetup function. This makes it possible for unauthenticated attackers to trigger a set-up via a forg...

4.3CVSS6.4AI score0.00212EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

HT Mega < 2.4.7 - Contributor+ Stored XSS via size

Description The plugin is vulnerable to Stored Cross-Site Scripting via the 'size' value in several widgets due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers with contributor-level and above permissions to...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.11 views

Zoho Campaigns < 2.0.8 - Cross-Site Request Forgery via zcwc_integration_disconnect

Description The Zoho Campaigns plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the zcwcintegrationdisconnect function. This makes it possible for unauthenticated attackers to disconne...

8.8CVSS6.4AI score0.00241EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

RestroPress < 3.1.2.1 - Cross-Site Request Forgery via rpress_orders_list_table_process_bulk_actions

Description The RestroPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1.2. This is due to missing or incorrect nonce validation on the rpressorderslisttableprocessbulkactions function. This makes it possible for unauthenticated attackers ...

5.4CVSS6.4AI score0.00213EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.43 views

WP Show Posts < 1.1.6 - Improper Authorization to Information Exposure

Description The WP Show Posts plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with subscriber access and above, to view...

4.3CVSS6.5AI score0.00375EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

AffiEasy < 1.1.6 - Cross-Site Request Forgery

Description The AffiEasy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the delete-table action. This makes it possible for unauthenticated attackers to delete tables via a forged...

4.3CVSS6.4AI score0.00216EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.11 views

Short URL <= 1.6.8 - Reflected Cross-Site Scripting

Description The Short URL plugin for WordPress is vulnerable to Reflected Cross-Site Scripting in all versions up to, and including, 1.6.8 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that...

7.1CVSS6.3AI score0.00351EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

BEAF < 4.5.5 - Cross-Site Request Forgery to Notice Dismissal

Description The BEAF plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.5.4. This is due to missing or incorrect nonce validation on the bafgnewfeaturenoticedismissed function. This makes it possible for unauthenticated attackers to dismiss notice...

4.3CVSS6.4AI score0.00216EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

EAN for WooCommerce < 4.9.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via alg_wc_ean_product_meta Shortcode

Description The EAN for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'algwceanproductmeta' shortcode in all versions up to, and including, 4.8.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.13 views

Email Marketing for WooCommerce by Omnisend < 1.14.4 - Cross-Site Request Forgery

Description The Email Marketing for WooCommerce by Omnisend plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.14.3. This is due to missing or incorrect nonce validation on the 'logoptions' action. This makes it possible for unauthenticated...

4.3CVSS6.6AI score0.00216EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.16 views

Ads.txt Admin <= 1.3 - Cross-Site Request Forgery

Description The Ads.txt Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a...

4.3CVSS6.4AI score0.00212EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.8 views

HT Mega < 2.5.0 - Contributor+ Stored XSS via Countdown Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Countdown widget's attributes due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or above, to inject arbitrary web scripts in pages that...

6.4CVSS5.7AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.15 views

FileBird < 5.6.4 - Author+ Users Folder Deletion

Description The plugin is vulnerable to Insecure Direct Object Reference via folder deletion due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with author access or higher, to delete folders created by other users and make their file uploads...

5.4CVSS6.5AI score0.00308EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.17 views

Kimili Flash Embed <= 2.5.3 - Cross-Site Request Forgery

Description The Kimili Flash Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.3. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...

5.4CVSS6.9AI score0.00209EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.12 views

RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator < 4.4.8 - Authenticated(Contributor+) Blind Server-Side Request Forgery (SSRF)

Description The RSS Aggregator by Feedzy – Feed to Post, Autoblogging, News & YouTube Video Feeds Aggregator plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 4.4.7 via the fetchfeed functionality. This makes it possible for authenticate...

6.4CVSS6.5AI score0.00342EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.14 views

Redirection < 1.2.0 - Subscriber+ Unauthorised Action Calls

Description The plugin is vulnerable to unauthorized access due to a missing capability check on several functions, allowing authenticated attackers, with subscriber-level access and above, to perform unauthorized actions...

6.3AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.20 views

Aspose.Words Exporter <= 6.3.1 - Missing Authorization

Description The Aspose.Words – Import and Export word documents plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 6.3.1. This makes it possible for authenticated attackers, with subscriber-level access a...

4.3CVSS6.2AI score0.00376EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/17 12:0 a.m.10 views

Sangar Slider <= 1.3.2 - Cross-Site Request Forgery

Description The Responsive Slider – Sangar Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.2. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to...

6.5CVSS6.8AI score0.00265EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.9 views

No-Bot Registration < 2.0 - Cross-Site Request Forgery

Description The No-Bot Registration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing or incorrect nonce validation on the ajdgnobotdashboard function. This makes it possible for unauthenticated attackers to moderate v...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ XSS via HTML Element

Description The plugin is vulnerable to Stored Cross-Site Scripting via the HTML Element due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will execute...

6.4CVSS5.6AI score0.00404EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

Extra Product Options Builder for WooCommerce < 1.2.105 - Cross-Site Request Forgery to Notice Dismissal

Description The Extra Product Options Builder for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.104. This is due to missing or incorrect nonce validation on the DontShowAgain function. This makes it possible for unauthenticated...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

e2pdf < 1.23.00 - Cross-Site Request Forgery

Description The e2pdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.20.27. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

5.4CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.21 views

Paid Memberships Pro < 3.0.2 - Cross-Site Request Forgery

Description The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.1. This is due to missing or incorrect nonce validation on the pmproupdatelevelgrouporder...

5.3CVSS6.3AI score0.00297EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

LifterLMS < 7.5.1 - Cross-Site Request Forgery

Description The LifterLMS plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.5.0. This is due to missing or incorrect nonce validation on the llms-clone-post action. This makes it possible for unauthenticated attackers to clone posts via a forged...

8.8CVSS6.5AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.19 views

NewsXpress < 1.0.8 - Cross-Site Request Forgery to Notice Dismissal

Description The NewsXpress theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the dismissedhandler function. This makes it possible for unauthenticated attackers to dismiss notices via a...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Page Builder: Live Composer < 1.5.36 - Cross-Site Request Forgery

Description The Page Builder: Live Composer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.35. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Content Control < 2.2.0 - Missing Authorization to Sensitive Information Exposure

Description The Content Control – The Ultimate Content Restriction Plugin! Restrict Content, Create Conditional Blocks & More plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.1.0 via the API. This makes it possible for unauthenticated...

5.3CVSS6.5AI score0.00468EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

Customer Reviews for WooCommerce < 5.47.0 - Missing Authorization to Authenticated (Subscriber+) Coupon Search

Description The Customer Reviews for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'woocommercejsonsearchcoupons' function . This makes it possible for attackers with subscriber level access to view coupon codes...

4.3CVSS6.6AI score0.00454EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Product Input Fields for WooCommerce < 1.8.0 - Cross-Site Request Forgery to Notice Dismissal

Description The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.0. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
Total number of security vulnerabilities14603