Security
Headlines
HeadlinesLatestCVEs

Tag

#csrf

CVE-2022-45804: WordPress Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in RoboSoft Photo Gallery, Images, Slider in Rbs Image Gallery plugin <= 3.2.9 leading to galleries hierarchy change, included plugin deactivate & activate.

CVE
#csrf#vulnerability#wordpress#auth
CVE-2022-45068: WordPress Mercado Pago payments for WooCommerce plugin <= 6.3.1 - Cross-Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1.

CVE-2022-40198: WordPress TeraWallet – For WooCommerce plugin <= 1.3.24 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in StandaloneTech TeraWallet – For WooCommerce plugin <= 1.3.24 leading to plugin settings change.

CVE-2022-38468: WordPress WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 - Cross-Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.28 leading to thumbnail alteration.

CVE-2023-23974: WordPress Quick Event Manager plugin <= 9.7.4 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Fullworks Quick Event Manager plugin <= 9.7.4 affecting all registration actions (delete, delete all, edit, update).

CVE-2023-23984: WordPress Bubble Menu – circle floating menu plugin <= 3.0.1 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Bubble Menu – circle floating menu plugin <= 3.0.1 leading to form deletion.

WordPress WoodMart Theme 7.1.1 Cross Site Request Forgery

WordPress WoodMart Theme versions 7.1.1 and below suffer from a cross site request forgery vulnerability due to missing nonce validation on the process_form function.

Osprey Pump Controller 1.0.1 Cross Site Request Forgery

Osprey Pump Controller version 1.0.1 suffers from a cross site request forgery vulnerability.

WordPress Real Estate 7 Theme 3.3.4 Cross Site Request Forgery

WordPress Real Estate 7 Theme versions 3.3.4 and below suffer from multiple cross site request forgery vulnerabilities.