Total
7170 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-46856 | 1 Orion | 1 Woocommerce Products Designer | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ORION Woocommerce Products Designer plugin <= 4.3.3 versions. | ||||
| CVE-2022-47144 | 1 Frenify | 1 Mediamatic | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions. | ||||
| CVE-2022-47136 | 1 Wpmanageninja | 1 Ninja Tables | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPManageNinja LLC Ninja Tables – Best Data Table Plugin for WordPress plugin <= 4.3.4 versions. | ||||
| CVE-2022-47178 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Simple Share Buttons Simple Share Buttons Adder plugin <= 8.4.7 versions. | ||||
| CVE-2022-47174 | 1 Wordpress | 1 Performance Lab | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WordPress Performance Team Performance Lab plugin <= 2.2.0 versions. | ||||
| CVE-2023-23714 | 1 Uncannyowl | 1 Uncanny Toolkit For Learndash | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit for LearnDash plugin <= 3.6.4.1 versions. | ||||
| CVE-2023-25971 | 1 Fixbd | 1 Educare | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in FixBD Educare plugin <= 1.4.1 versions. | ||||
| CVE-2023-28173 | 1 Digitalinspiration | 1 Google Xml Sitemap For Images | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Amit Agarwal Google XML Sitemap for Images plugin <= 2.1.3 versions. | ||||
| CVE-2023-28172 | 1 Flippercode | 1 Wp Google Map | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in flippercode WordPress Plugin for Google Maps – WP MAPS (formerly WP Google Map Plugin) plugin <= 4.4.2 versions. | ||||
| CVE-2023-26514 | 1 Wpgrim | 1 Dynamic Xml Sitemaps Generator For Google | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in WPGrim Dynamic XML Sitemaps Generator for Google plugin <= 1.3.3 versions. | ||||
| CVE-2023-26524 | 1 Expresstech | 1 Quiz And Survey Master | 2025-01-08 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in ExpressTech Quiz And Survey Master – Best Quiz, Exam and Survey Plugin for WordPress plugin <= 8.0.10 versions. | ||||
| CVE-2023-47230 | 1 Cimatti | 1 Wordpress Contact Forms | 2025-01-08 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Cimatti Consulting WordPress Contact Forms by Cimatti plugin <= 1.6.0 versions. | ||||
| CVE-2023-33409 | 1 Minical | 1 Minical | 2025-01-08 | 6.5 Medium |
| Minical 1.0.0 is vulnerable to Cross Site Request Forgery (CSRF) via minical/public/application/controllers/settings/company.php. | ||||
| CVE-2024-0515 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_compare function. This makes it possible for unauthenticated attackers to remove items from user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0514 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_compare function. This makes it possible for unauthenticated attackers to add items to user compare lists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0513 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the remove_from_wishlist function. This makes it possible for unauthenticated attackers to remove items from user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0512 | 1 Royal-elementor-addons | 1 Royal Elementor Addons | 2025-01-08 | 4.3 Medium |
| The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.87. This is due to missing or incorrect nonce validation on the add_to_wishlist function. This makes it possible for unauthenticated attackers to add items to user wishlists via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-1943 | 1 Wpmoose | 1 Yuki | 2025-01-08 | 4.3 Medium |
| The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the reset_customizer_options() function. This makes it possible for unauthenticated attackers to reset the themes settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0767 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-01-08 | 4.3 Medium |
| The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. This is due to missing or incorrect nonce validation on the ajax_plugin_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed plugins via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-0768 | 1 Envothemes | 1 Envo\'s Elementor Templates \& Widgets For Woocommerce | 2025-01-08 | 4.3 Medium |
| The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. This is due to missing or incorrect nonce validation on the ajax_theme_activation function. This makes it possible for unauthenticated attackers to activate arbitrary installed themes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||