Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.6 versions.

**Solution**

 Fixed

Update the WordPress Comments Ratings plugin to the latest available version (at least 1.1.7).

Found this useful? Thank yuyudhn for reporting this vulnerability. Buy a coffee ☕

yuyudhn discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Comments Ratings Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.1.7.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23704: WordPress Comments Ratings plugin <= 1.1.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in GalleryPlugins Video Contest WordPress plugin <= 3.2 versions.

**Solution**

 No fix

No patched version is available.

Cat discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Video Contest WordPress Plugin Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has not been known to be fixed yet.

**Other vulnerabilities in this plugin**

 2 present

 0 patched

View all

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2022-45823: WordPress Video Contest WordPress Plugin plugin <= 3.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WP Engine PHP Compatibility Checker plugin <= 1.5.2 versions.

**Solution**

 Fixed

Update the WordPress PHP Compatibility Checker plugin to the latest available version (at least 1.6.0).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress PHP Compatibility Checker Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.6.0.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-24421: WordPress PHP Compatibility Checker plugin <= 1.5.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade PixTypes plugin <= 1.4.14 versions.

**Solution**

 Fixed

Update the WordPress PixTypes plugin to the latest available version (at least 1.4.15).

Found this useful? Thank Mika for reporting this vulnerability. Buy a coffee ☕

Mika discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress PixTypes Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.4.15.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-25487: WordPress PixTypes plugin <= 1.4.14 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.

**Solution**

 Fixed

Update the WordPress LWS Cleaner plugin to the latest available version (at least 2.3.1).

konagash discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress LWS Cleaner Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 2.3.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-35781: WordPress LWS Cleaner plugin <= 2.3.0 - Multiple Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes JustTables plugin <= 1.4.9 versions.

**Solution**

 Fixed

Update the WordPress JustTables – WooCommerce Product Table plugin to the latest available version (at least 1.5.0).

Found this useful? Thank Lana Codes for reporting this vulnerability. Buy a coffee ☕

Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress JustTables – WooCommerce Product Table Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.5.0.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23803: WordPress JustTables – WooCommerce Product Table plugin <= 1.4.9 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Menu plugin <= 1.2.1 versions.

**Solution**

 Fixed

Update the WordPress HT Menu plugin to the latest available version (at least 1.2.2).

Found this useful? Thank Lana Codes for reporting this vulnerability. Buy a coffee ☕

Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress HT Menu Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.2.2.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23791: WordPress HT Menu – WordPress Mega Menu Builder for Elementor plugin <= 1.2.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in HasThemes Swatchly plugin <= 1.2.0 versions.

**Solution**

 Fixed

Update the WordPress Swatchly – WooCommerce Variation Swatches for Products plugin to the latest available version (at least 1.2.1).

Found this useful? Thank Lana Codes for reporting this vulnerability. Buy a coffee ☕

Lana Codes discovered and reported this Cross Site Request Forgery (CSRF) vulnerability in WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin. This could allow a malicious actor to force higher privileged users to execute unwanted actions under their current authentication. This vulnerability has been fixed in version 1.2.1.

**No other known vulnerabilities for this plugin**Report

**WordPress plugin developer?**

Start a free security program for your WordPress plugins or request an audit.

Apply for MVDP

**Security researcher?**

Report to Patchstack Alliance bounty platform and earn monthly cash prizes.

Learn more

CVE-2023-23792: WordPress Swatchly – WooCommerce Variation Swatches for Products plugin <= 1.2.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

The "Buy Me a Coffee – Button and Widget Plugin" plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the recieve_post, bmc_disconnect, name_post, and widget_post functions in versions up to, and including, 3.7. This makes it possible for unauthenticated attackers to update the plugins settings, via a forged request granted the attacker can trick a site's administrator into performing an action such as clicking on a link.

CVE-2023-2079: Changeset 2935565 for buymeacoffee – WordPress Plugin Repository

A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is named bf914f3a59063fa4df8fd4925ae18a5d852396d7. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-233363.

@@ -1,11 +1,11 @@

<?php

/\*

Plugin Name: View All Post's Pages

Plugin URI: http://www.thinkoomph.com/plugins-modules/view-all-posts-pages/

Plugin URI: http://www.oomphinc.com/plugins-modules/view-all-posts-pages/

Description: Provides a "view all" (single page) option for posts, pages, and custom post types paged using WordPress' <a href="http://codex.wordpress.org/Write\_Post\_SubPanel#Quicktags" target="\_blank"><code>&lt;!--nextpage--&gt;</code> Quicktag</a> (multipage posts).

Author: Erick Hitter & Oomph, Inc.

Version: 0.9

Author URI: http://www.thinkoomph.com/

Version: 0.9.1

Author URI: http://www.oomphinc.com/

Text Domain: view\_all\_posts\_pages

This program is free software; you can redistribute it and/or modify

Expand Down Expand Up

@@ -686,9 +686,9 @@ public function action\_admin\_notices\_activation() {

<div id\="wpf-rewrite-flush-warning" class\="error fade"\>

<p\><strong\><?php \_e( 'View All Post\\'s Pages', 'view\_all\_posts\_pages' ); ?></strong\></p\>

 

<p\><?php printf( \_\_( 'You must refresh your site\\'s permalinks before View All Post\\'s Pages is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the Save Changes button at the bottom of the screen.', 'view\_all\_posts\_pages' ), admin\_url( 'options-permalink.php' ) ); ?></p\>

<p\><?php printf( \_\_( 'You must refresh your site\\'s permalinks before View All Post\\'s Pages is fully activated. To do so, go to <a href="%s">Permalinks</a> and click the Save Changes button at the bottom of the screen.', 'view\_all\_posts\_pages' ), esc\_url( admin\_url( 'options-permalink.php' ) ) ); ?></p\>

 

<p\><?php printf( \_\_( 'When finished, click <a href="%s">here</a> to hide this message.', 'view\_all\_posts\_pages' ), admin\_url( add\_query\_arg( $this\->notice\_key, 1, 'index.php' ) ) ); ?></p\>

<p\><?php printf( \_\_( 'When finished, click <a href="%s">here</a> to hide this message.', 'view\_all\_posts\_pages' ), esc\_url( admin\_url( add\_query\_arg( $this\->notice\_key, 1, 'index.php' ) ) ) ); ?></p\>

</div\>

 

<?php

Expand Down

Tag

#wordpress