Vulnerabilities (CVE)

Cross-Site Request Forgery (CSRF) vulnerability in Hasina77 Wp Easy Allopass allows Cross Site Request Forgery. This issue affects Wp Easy Allopass: from n/a through 4.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in WP Legal Pages WP Cookie Notice for GDPR, CCPA & ePrivacy Consent allows Cross Site Request Forgery. This issue affects WP Cookie Notice for GDPR, CCPA & ePrivacy Consent: from n/a through 3.8.0.

Cross-Site Request Forgery (CSRF) vulnerability in jokerbr313 Advanced Post List allows Cross Site Request Forgery. This issue affects Advanced Post List: from n/a through 0.5.6.2.

Cross-Site Request Forgery (CSRF) vulnerability in storepro Subscription Renewal Reminders for WooCommerce allows Cross Site Request Forgery. This issue affects Subscription Renewal Reminders for WooCommerce: from n/a through 1.3.7.

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive Regional Map of Africa allows Cross Site Request Forgery. This issue affects Interactive Regional Map of Africa: from n/a through 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in codepeople WP Time Slots Booking Form allows Cross Site Request Forgery. This issue affects WP Time Slots Booking Form: from n/a through 1.2.30.

Cross-Site Request Forgery (CSRF) vulnerability in Soli WP Mail Options allows Stored XSS. This issue affects WP Mail Options: from n/a through 0.2.3.

Cross-Site Request Forgery (CSRF) vulnerability in Seerox WP Media File Type Manager allows Cross Site Request Forgery. This issue affects WP Media File Type Manager: from n/a through 2.3.0.

Cross-Site Request Forgery (CSRF) vulnerability in Adrian Hanft Konami Easter Egg allows Stored XSS. This issue affects Konami Easter Egg: from n/a through v0.4.

Cross-Site Request Forgery (CSRF) vulnerability in OTWthemes Widgetize Pages Light allows Stored XSS. This issue affects Widgetize Pages Light: from n/a through 3.0.

Cross-Site Request Forgery (CSRF) vulnerability in Michael Cannon Custom Bulk/Quick Edit allows Cross Site Request Forgery. This issue affects Custom Bulk/Quick Edit: from n/a through 1.6.10.

Cross-Site Request Forgery (CSRF) vulnerability in Daman Jeet Real Time Validation for Gravity Forms allows Cross Site Request Forgery.This issue affects Real Time Validation for Gravity Forms: from n/a through 1.7.0.

Cross-Site Request Forgery (CSRF) vulnerability in Bill Minozzi WP Tools allows Cross Site Request Forgery. This issue affects WP Tools: from n/a through 5.24.

Cross-Site Request Forgery (CSRF) vulnerability in ThemeHigh Dynamic Pricing and Discount Rules allows Cross Site Request Forgery.This issue affects Dynamic Pricing and Discount Rules: from n/a through 2.2.9.

Cross-Site Request Forgery (CSRF) vulnerability in WP Map Plugins Interactive UK Regional Map allows Cross Site Request Forgery. This issue affects Interactive UK Regional Map: from n/a through 2.0.

Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor allows Path Traversal. This issue affects POEditor: from n/a through 0.9.10.

Cross-Site Request Forgery (CSRF) vulnerability in Jatinder Pal Singh BP Profile as Homepage allows Stored XSS. This issue affects BP Profile as Homepage: from n/a through 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in David Shabtai Post Author allows Stored XSS. This issue affects Post Author: from n/a through 1.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Jonathan Lau CubePoints allows Cross Site Request Forgery. This issue affects CubePoints: from n/a through 3.2.1.

Cross-Site Request Forgery (CSRF) vulnerability in cmsMinds Pay with Contact Form 7 allows Cross Site Request Forgery. This issue affects Pay with Contact Form 7: from n/a through 1.0.4.

Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in weblizar HR Management Lite allows Cross Site Request Forgery. This issue affects HR Management Lite: from n/a through 3.3.

Cross-Site Request Forgery (CSRF) vulnerability in Matthias Nordwig Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant allows Cross Site Request Forgery. This issue affects Anti-spam, Spam protection, ReCaptcha for all forms and GDPR-compliant: from n/a through 4.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Booqable Rental Software Booqable Rental allows Cross Site Request Forgery. This issue affects Booqable Rental: from n/a through 2.4.20.

Cross-Site Request Forgery (CSRF) vulnerability in mariusz88atelierweb Atelier Create CV allows Cross Site Request Forgery. This issue affects Atelier Create CV: from n/a through 1.1.2.

Cross-Site Request Forgery (CSRF) vulnerability in Vuong Nguyen WP Security Master allows Cross Site Request Forgery. This issue affects WP Security Master: from n/a through 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in Alessandro Piconi Simple Keyword to Link allows Cross Site Request Forgery. This issue affects Simple Keyword to Link: from n/a through 1.5.

Cross-Site Request Forgery (CSRF) vulnerability in Anton Vanyukov Market Exporter allows Cross Site Request Forgery. This issue affects Market Exporter: from n/a through 2.0.22.

Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through 1.11.

Cross-Site Request Forgery (CSRF) vulnerability in everestthemes Everest Backup allows Cross Site Request Forgery. This issue affects Everest Backup: from n/a through 2.3.3.

Cross-Site Request Forgery (CSRF) vulnerability in Groundhogg Inc. Groundhogg allows Cross Site Request Forgery.This issue affects Groundhogg: from n/a through 3.4.2.3.

Cross-Site Request Forgery (CSRF) vulnerability in Searchiq SearchIQ.This issue affects SearchIQ: from n/a through 4.6.

A Cross-Site Request Forgery (CSRF) in the component admin_room_added.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

A Cross-Site Request Forgery (CSRF) in the component admin_room_removed.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

A Cross-Site Request Forgery (CSRF) in the component admin_modify_room.php of Hotel Management System commit 91caab8 allows attackers to escalate privileges.

Cross-Site Request Forgery (CSRF) vulnerability in BdThemes Element Pack Pro allows Cross Site Request Forgery.This issue affects Element Pack Pro: from n/a before 8.0.0.

Unisys Data Exchange Management Studio before 6.0.IC2 and 7.x before 7.0.IC1 doesn't have an Anti-CSRF token to authenticate the POST request. Thus, a cross-site request forgery attack could occur.

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/email/email_conf_updagte

The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php. This makes it possible for unauthenticated attackers to update vendor account details, create vendor accounts, and delete arbitrary users via a forged request granted they can trick a site administrato ... The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2.4. This is due to missing or incorrect nonce validation on several functions in api/class-mvx-rest-controller.php. This makes it possible for unauthenticated attackers to update vendor account details, create vendor accounts, and delete arbitrary users via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Show More

FlyCms v1.0 contains a Cross-Site Request Forgery (CSRF) vulnerability via /system/admin/update_group_save.