Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2023-0499

The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE
#csrf#wordpress
CVE-2023-0504

The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0505

The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0503

The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0484

The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack

CVE-2023-0335

The WP Shamsi WordPress plugin through 4.3.3 has CSRF and broken access control vulnerabilities which leads user with role as low as subscriber delete attachment.

WebTareas 2.4 Cross Site Scripting

WebTareas version 2.4 suffers from multiple cross site scripting vulnerabilities.

CVE-2022-30705: WordPress Ping Optimizer plugin <= 2.35.1.2.3 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pankaj Jha WordPress Ping Optimizer plugin <= 2.35.1.2.3 versions.

GHSA-wxmq-v9gx-75pg: Moodle vulnerable to Cross-site Request Forgery

The link to reset all templates of a database activity did not include the necessary token to prevent a CSRF risk.

CVE-2023-1612: SQL injection vulnerability exists in the /files/list-file interface of the rebuild system · Issue #598 · getrebuild/rebuild

A vulnerability, which was classified as critical, was found in Rebuild up to 3.2.3. This affects an unknown part of the file /files/list-file. The manipulation leads to sql injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-223743.