Total: 8871 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-13684 | 1 Smartzminds | 1 Reset | 2025-02-21 | 8.1 High |
| The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the reset_db_page() function. This makes it possible for unauthenticated attackers to reset several tables in the database like comments, themes, plugins, and more via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13852 | 1 Backie | 1 Option Editor | 2025-02-21 | 8.8 High |
| The Option Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.0. This is due to missing nonce validation on the plugin_page() function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. | ||||
| CVE-2025-0796 | 1 Kevinbrent | 1 Wprequal | 2025-02-21 | 4.3 Medium |
| The Mortgage Lead Capture System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 8.2.10. This is due to missing or incorrect nonce validation on the 'wprequal_reset_defaults' action. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13315 | 1 Shopwarden | 1 Shopwarden | 2025-02-21 | 8.8 High |
| The Shopwarden – Automated WooCommerce monitoring & testing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.11. This is due to missing or incorrect nonce validation on the save_setting() function. This makes it possible for unauthenticated attackers to update arbitrary options and achieve privilege escalation via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13438 | 1 Speedsize | 1 Speedsize Image & Video Ai-optimizer | 2025-02-21 | 4.3 Medium |
| The SpeedSize Image & Video AI-Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.1. This is due to missing or incorrect nonce validation on the 'speedsize_clear_css_cache_action' function. This makes it possible for unauthenticated attackers to clear the plugin's cache via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13523 | 1 Shenyanzhi | 1 Memorialday | 2025-02-21 | 6.1 Medium |
| The MemorialDay plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13795 | 1 Lightspeedhq | 1 Ecwid Ecommerce Shopping Cart | 2025-02-21 | 4.3 Medium |
| The Ecwid by Lightspeed Ecommerce Shopping Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.12.27. This is due to missing or incorrect nonce validation on the ecwid_deactivate_feedback() function. This makes it possible for unauthenticated attackers to send deactivation messages on behalf of a site owner via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2024-13718 | 1 Wpdesk | 1 Flexible Wishlist For Woocommerce | 2025-02-21 | 4.3 Medium |
| The Flexible Wishlist for WooCommerce – Ecommerce Wishlist & Save for later plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.26. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to modify/update/create other users' wishlists via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-23227 | 1 Php Everywhere Project | 1 Php Everywhere | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Fuchs PHP Everywhere plugin (versions <= 2.0.2). | ||||
| CVE-2021-44777 | 1 Email Tracker Project | 1 Email Tracker | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | ||||
| CVE-2022-23983 | 1 Wp-buy | 1 Wp Content Copy Protection & No Right Click | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to plugin Settings Update discovered in WP Content Copy Protection & No Right Click WordPress plugin (versions <= 3.4.4). | ||||
| CVE-2022-25599 | 1 Spiffyplugins | 1 Spiffy Calendar | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to event deletion was discovered in Spiffy Calendar WordPress plugin (versions <= 4.9.0). | ||||
| CVE-2022-25608 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Yoo Slider – Image Slider & Video Slider (WordPress plugin) allows attackers to trick authenticated users into unwanted slider duplicate or delete action. | ||||
| CVE-2022-25615 | 1 Stylemixthemes | 1 Eroom - Zoom Meetings & Webinar | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.8 allows cache deletion. | ||||
| CVE-2022-25614 | 1 Stylemixthemes | 1 Eroom - Zoom Meetings & Webinar | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) in StylemixThemes eRoom – Zoom Meetings & Webinar (WordPress plugin) <= 1.3.7 allows an attacker to Sync with Zoom Meetings. | ||||
| CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2025-02-20 | 6.1 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | ||||
| CVE-2022-27847 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to import templates. | ||||
| CVE-2022-27846 | 1 Yooslider | 1 Yoo Slider | 2025-02-20 | 4.3 Medium |
| Cross-Site Request Forgery (CSRF) vulnerability in Yooslider Yoo Slider <= 2.0.0 on WordPress allows attackers to create or modify slider. | ||||
| CVE-2022-27850 | 1 Plugin-planet | 1 Simple Ajax Chat | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Simple Ajax Chat (WordPress plugin) <= 20220115 allows an attacker to clear the chat log or delete a chat message. | ||||
| CVE-2022-27851 | 1 Dineshkarki | 1 Use Any Font | 2025-02-20 | 5.4 Medium |
| Cross-Site Request Forgery (CSRF) in Use Any Font (WordPress plugin) <= 6.1.7 allows an attacker to deactivate the API key. | ||||