Lucene search
K
WpvulndbRecent

14603 matches found

WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

ReDi Restaurant Reservation < 24.0303 - Cross-Site Request Forgery via redi_restaurant_admin_options_page()

Description The ReDi Restaurant Reservation plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 24.0128. This is due to missing or incorrect nonce validation on the redirestaurantadminoptionspage function. This makes it possible for unauthenticated...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.12 views

ProfileGrid < 5.7.9 - Cross-Site Request Forgery

Description The ProfileGrid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.7.8. This is due to missing or incorrect nonce validation in the admin/partials/add-group.php file. This makes it possible for unauthenticated attackers to delete group...

8.8CVSS6.4AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.24 views

Leaflet Maps Marker (Google Maps, OpenStreetMap, Bing Maps) < 3.12.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode

Description The Leaflet Maps Marker Google Maps, OpenStreetMap, Bing Maps plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mapsmarker' shortcode in all versions up to, and including, 3.12.8 due to insufficient input sanitization and output escaping on user...

6.4CVSS5.7AI score0.00435EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Spa and Salon < 1.2.8 - Cross-Site Request Forgery to Notice Dismissal

Description The Spa and Salon theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the spaandsalonupdateadminnotice function. This makes it possible for unauthenticated attackers to dismiss...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.18 views

AppPresser < 4.3.1 - Cross-Site Request Forgery via force_logging_off()

Description The AppPresser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.3.0. This is due to missing or incorrect nonce validation on the forceloggingoff function. This makes it possible for unauthenticated attackers to turn logging off via a...

8.8CVSS6.4AI score0.00243EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

Exclusive Addons for Elementor < 2.6.9.3 - Contributor+ Stored XSS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the ‘exadinfoboxanimatingmaskstyle’ parameter of its InfoBox due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitra...

6.4CVSS5.7AI score0.0032EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

Link Whisper Free < 0.7.0

Description The Link Whisper Free plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6.9. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown...

4.3CVSS6.6AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via Custom JS

Description The plugin is vulnerable to Stored Cross-Site Scripting via the custom JS parameter due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access or higher, to inject arbitrary web scripts in pages that will...

6.4CVSS5.7AI score0.00404EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via aux_gmaps Shortcode

Description The plugin is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxgmaps' shortcode due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject...

6.4CVSS5.7AI score0.00543EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery

Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on various function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.6AI score0.00205EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

WP Compress – Image Optimizer [All-In-One] < 6.11.01 - Cross-Site Request Forgery

Description The WP Compress – Image Optimizer All-In-One plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.10.35. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers ...

4.3CVSS6.7AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.12 views

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery

Description The ELEX WooCommerce Dynamic Pricing and Discounts plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on various function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.21 views

Easy Logo <= 1.9.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Easy Logo plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.9.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.9AI score0.00319EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.12 views

Feather Login Page < 1.1.6 - Cross-Site Request Forgery via saveData()

Description The Feather Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the saveData function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS6.4AI score0.00214EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

WordPress Hosting Benchmark tool < 1.3.7 - Cross-Site Request Forgery via execute_plugin()

Description The WordPress Hosting Benchmark tool plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the executeplugin function. This makes it possible for unauthenticated attackers to...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.22 views

Login with phone number < 1.6.94 - Cross-Site Request Forgery

Description The Login with phone number plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.93. This is due to missing or incorrect nonce validation on the lwpforgotpassword and lwpupdatepasswordaction functions. This makes it possible for...

8.8CVSS6.5AI score0.0031EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

MailChimp Forms by MailMunch < 3.2.2 - Cross-Site Request Forgery

Description The MailChimp Forms by MailMunch plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. This is due to missing or incorrect nonce validation on the integrate case. This makes it possible for unauthenticated attackers to update the...

8.8CVSS6.5AI score0.00221EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

Spotlight Social Media Feeds < 1.6.11 - Cross-Site Request Forgery

Description The Spotlight Social Media Feeds plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.10. This is due to missing or incorrect nonce validation in the AuthCallbackListener class. This makes it possible for unauthenticated attackers to...

4.3CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.10 views

F4 Improvements < 1.8.1 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The F4 Improvements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.8AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.17 views

TWIPLA (Visitor Analytics IO) < 1.3.0 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The TWIPLA Visitor Analytics IO – Privacy-First Website Stats, Session Recordings, Heatmaps, Polls and Surveys plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.2.0 due to insufficient input sanitization and...

5.9CVSS5.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.17 views

Benchmark Email Lite < 4.2 - Cross-Site Request Forgery via page_settings()

Description The Benchmark Email Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.1. This is due to missing or incorrect nonce validation on the pagesettings function. This makes it possible for unauthenticated attackers to update the plugin...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.17 views

Ultimate Product Catalogue < 5.2.16 - Cross-Site Request Forgery via reset_settings()

Description The Ultimate Product Catalogue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.2.15. This is due to missing or incorrect nonce validation on the resetsettings function. This makes it possible for unauthenticated attackers to reset t...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.12 views

Advanced Cron Manager – debug & control < 2.5.3 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Advanced Cron Manager – debug & control plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.5.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

5.9CVSS5.8AI score0.00355EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

GP Unique ID < 1.5.6 - Unauthenticated Form Submission Unique ID Modification

Description The plugin is vulnerable to Unique ID Modification due to insufficient input validation. This makes it possible for unauthenticated attackers to tamper with the generation of a unique ID on a form submission and replace the generated unique ID with a user-controlled one, leading to a...

5.3CVSS6.7AI score0.0103EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

WP Accessibility Helper (WAH) < 0.6.2.6 - Missing Authorization

Description The WP Accessibility Helper WAH plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the updateattachmentalt function in versions up to, and including, 0.6.2.5. This makes it possible for authenticated attackers, with...

8.8CVSS6.3AI score0.00323EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

WP Matterport Shortcode < 2.2.0 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action granted they can trick a site administrator into performing an action such as...

4.3CVSS5.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.12 views

Sarada Lite < 1.1.3 - Cross-Site Request Forgery to Notice Dismissal

Description The Sarada Lite theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the saradaliteupdateadminnotice function. This makes it possible for unauthenticated attackers to dismiss...

4.3CVSS6.4AI score0.00227EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

Shortcodes and extra features for Phlox theme <= 2.15.5 - Contributor+ Stored XSS via Accordion Widget

Description The plugin is vulnerable to Stored Cross-Site Scripting via the Accordion Widget due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor access and higher, to inject arbitrary web scripts in pages that will execu...

6.4CVSS5.7AI score0.00531EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Amelia < 1.0.96 - Cross-Site Request Forgery

Description The Amelia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.95. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

Currency per Product for WooCommerce < 1.7.0 - Cross-Site Request Forgery to Notice Dismissal

Description The Currency per Product for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.0. This is due to missing or incorrect nonce validation on the dismissnotice function. This makes it possible for unauthenticated attackers t...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.20 views

Table & Contact Form 7 Database – Tablesome < 1.0.26 - Cross-Site Request Forgery

Description The Table & Contact Form 7 Database – Tablesome plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.25. This is due to missing or incorrect nonce validation on the publishtable function. This makes it possible for unauthenticated...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.11 views

WooCommerce UPS Shipping – Live Rates and Access Points < 2.2.5 - Cross-Site Request Forgery

Description The WooCommerce UPS Shipping – Live Rates and Access Points plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.4. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for...

4.3CVSS6.8AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.16 views

Shortcodes and extra features for Phlox theme <= 2.15.2 - Subscriber+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input from the vulnerable 'id' parameter in the 'auxintemplatecontrolimporter' function. This makes it possible for authenticated attackers able to upload a separate PHAR payload as an image file to inje...

7.5CVSS7.1AI score0.00869EPSS
Exploits0References1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.16 views

Simple Post Notes < 1.7.7 - Cross-Site Request Forgery

Description The Simple Post Notes plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.7.7 exclusive. This is due to missing or incorrect nonce validation on an unknown function. This makes it possible for unauthenticated attackers to perform an unknown action...

4.3CVSS6.5AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.32 views

Premmerce Product Filter for WooCommerce < 3.7.3 - Missing Authorization

Description The Premmerce Product Filter for WooCommerce plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in versions up to, and including, 3.7.2. This makes it possible for authenticated attackers, with subscriber-level access and above, t...

8.8CVSS6.4AI score0.00314EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.17 views

WooCommerce Google Feed Manager < 2.6.0 - Authenticated (Admin+) SQL Injection to Reflected Cross-Site Scripting

Description The WooCommerce Google Feed Manager plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 2.4.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This mak...

7.2CVSS7.3AI score0.00684EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.9 views

Marker.io < 1.1.9 - Cross-Site Request Forgery

Description The Marker.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.8. This is due to missing or incorrect nonce validation on the markeriosaveoption function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.9 views

Intagrate Lite < 1.3.8 - Authenticated (Admin+) Stored Cross-Site Scripting

Description The Intagrate Lite plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.3.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...

5.9CVSS5.7AI score0.00322EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.21 views

WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) < 3.1.0 - Missing Authorization to Unauthenticated Arbitrary Post Deletion

Description The WP Cookie Consent for GDPR, CCPA & ePrivacy plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the gdprpolicyprocessdelete function in all versions up to, and including, 3.0.2. This makes it possible for unauthenticated attackers t...

5.3CVSS6.7AI score0.0053EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.19 views

EasyEvent <= 1.0.0 - Admin+ Stored XSS

Description The plugin does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfilteredhtml is disallowed PoC 1. Got to https://example.com/wp-admin/options-general.php?page=easyevent 2. In the ID...

5.7AI score0.00435EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.21 views

WP Meta SEO < 4.5.13 - Unauthenticated Stored Cross-Site Scripting via Referer header

Description The WP Meta SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Referer’ header in all versions up to, and including, 4.5.12 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...

7.2CVSS5.9AI score0.00445EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.21 views

MihanPanel < 12.7 - Cross-Site Request Forgery

Description The MihanPanel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to 12.7. This is due to missing or incorrect nonce validation on the delete and deleteall cases. This makes it possible for unauthenticated attackers to delete IP addresses from the blocked...

5.4CVSS6.4AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Popup Like box – Page < 3.7.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The Popup Like box – Page Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.7.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.14 views

WP Event Aggregator < 1.7.7 - Cross-Site Request Forgery via wpea_deauthorize_user()

Description The WP Event Aggregator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the wpeadeauthorizeuser function. This makes it possible for unauthenticated attackers to remove a...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.17 views

bunny.net – WordPress CDN Plugin < 2.0.2 - Authenticated (Administrator+) Stored Cross-Site Scripting

Description The bunny.net – WordPress CDN Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...

5.9CVSS5.7AI score0.00319EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.22 views

EleForms – All In One Form Integration including DB for Elementor < 2.9.9.8 - Missing Authorization to Sensitive Information Exposure

Description The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check when downloading form submissions in all versions up to, and including, 2.9.9.7. This makes it possible for...

5.3CVSS6.6AI score0.00532EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

UsersWP < 1.2.6 - Cross-Site Request Forgery

Description The UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing or incorrect nonce validation on an unknown...

5.4CVSS6.5AI score0.00197EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

Blocksy Companion < 2.0.29 - Cross-Site Request Forgery

Description The plugin is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to perform unauthorized actions via a forged request granted they can trick a site administrator into performi...

8.8CVSS6.6AI score0.00208EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.13 views

The Conference < 1.2.1 - Cross-Site Request Forgery to Notice Dismissal

Description The The Conference theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the theconferenceupdateadminnotice function. This makes it possible for unauthenticated attackers to...

4.3CVSS6.4AI score0.002EPSS
Exploits0References1Affected Software1
WPVulnDB
WPVulnDB
added 2024/04/16 12:0 a.m.15 views

5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg < 1.3.02 - Missing Authorization

Description The 5 star review funnel for Google Reviews, Trustpilot, ProvenExpert and more | RRatingg plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in all versions up to, and including, 1.2.67. This makes it possible for...

7.5CVSS7.3AI score0.00583EPSS
Exploits0References1
Total number of security vulnerabilities14603