Total: 7170 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2023-6244 | 1 Myeventon | 2 Eventon, Eventon-lite | 2024-11-21 | 6.5 Medium |
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-6242 | 1 Myeventon | 2 Eventon, Eventon-lite | 2024-11-21 | 6.5 Medium |
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-6197 | 1 Myaudiomerchant | 1 Audio Merchant | 2024-11-21 | 5.4 Medium |
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_save_settings function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-6196 | 1 Myaudiomerchant | 1 Audio Merchant | 2024-11-21 | 8.8 High |
The Audio Merchant plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.0.4. This is due to missing or incorrect nonce validation on the audio_merchant_add_audio_file function. This makes it possible for unauthenticated attackers to upload arbitrary files via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-6137 | 1 Wpfrontier | 1 Frontier Post | 2024-11-21 | 5.4 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in finnj Frontier Post allows Cross Site Request Forgery. This issue affects Frontier Post: from n/a through 6.1. | ||||
CVE-2023-6022 | 1 Prefect | 1 Prefect | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. | ||||
CVE-2023-6008 | 1 Userproplugin | 1 Userpro | 2024-11-21 | 6.3 Medium |
The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to add, modify, or delete user meta and plugin options. | ||||
CVE-2023-5990 | 1 Funnelforms | 1 Funnelforms Free | 2024-11-21 | 6.5 Medium |
The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor WordPress plugin before 3.4.2 does not have CSRF checks on some of its form actions such as deletion and duplication, which could allow attackers to make a logged-in admin perform such actions via CSRF attacks. | ||||
CVE-2023-5979 | 1 Implecode | 1 Ecommerce Product Catalog | 2024-11-21 | 6.5 Medium |
The eCommerce Product Catalog Plugin for WordPress plugin before 3.3.26 does not have CSRF checks in some of its admin pages, which could allow attackers to make logged-in users perform unwanted actions via CSRF attacks, such as deleting all products. | ||||
CVE-2023-5886 | 1 Soflyy | 2 Export Any Wordpress Data To Xml/csv, Wp All Export | 2024-11-21 | 8.8 High |
The Export any WordPress data to XML/CSV WordPress plugin before 1.4.0 and the WP All Export Pro WordPress plugin before 1.8.6 do not check nonce tokens early enough in the request lifecycle, allowing attackers with the ability to upload files to make logged-in users perform unwanted actions leading to PHAR deserialization, which may lead to remote code execution. | ||||
CVE-2023-5884 | 1 Back2nature | 1 Word Balloon | 2024-11-21 | 6.5 Medium |
The Word Balloon WordPress plugin before 4.20.3 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to trick a logged-in user into deleting arbitrary avatars by clicking a link. | ||||
CVE-2023-5803 | 1 Businessdirectoryplugin | 1 Business Directory | 2024-11-21 | 4.3 Medium |
Cross-Site Request Forgery (CSRF) vulnerability in Business Directory Team Business Directory Plugin – Easy Listing Directories for WordPress allows Cross-Site Request Forgery. This issue affects Business Directory Plugin – Easy Listing Directories for WordPress: from n/a through 6.3.10. | ||||
CVE-2023-5776 | 1 Wpexpertplugins | 1 Post Meta Data Manager | 2024-11-21 | 4.3 Medium |
The Post Meta Data Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the pmdm_wp_ajax_delete_meta, pmdm_wp_delete_user_meta, and pmdm_wp_delete_user_meta functions. This makes it possible for unauthenticated attackers to delete arbitrary user, term, and post meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-5772 | 1 Bowo | 1 Debug Log Manager | 2024-11-21 | 4.3 Medium |
The Debug Log Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.1. This is due to missing or incorrect nonce validation on the clear_log() function. This makes it possible for unauthenticated attackers to clear the debug log via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-5756 | 1 Supsystic | 1 Digital Publications By Supsystic | 2024-11-21 | 5.4 Medium |
The Digital Publications by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.6. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-5690 | 1 Modoboa | 1 Modoboa | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | ||||
CVE-2023-5687 | 1 Mosparo | 1 Mosparo | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository mosparo/mosparo prior to 1.0.3. | ||||
CVE-2023-5626 | 1 Sfu | 1 Open Journal System | 2024-11-21 | 8.8 High |
Cross-Site Request Forgery (CSRF) in GitHub repository pkp/ojs prior to 3.3.0-16. | ||||
CVE-2023-5537 | 1 Joselazo | 1 Delete Usermeta | 2024-11-21 | 4.3 Medium |
The Delete Usermeta plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing nonce validation on the delumet_options_page() function. This makes it possible for unauthenticated attackers to remove user meta for arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
CVE-2023-5519 | 1 Metagauss | 1 Eventprime | 2024-11-21 | 4.3 Medium |
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. |