
Tag

#wordpress

CVE-2021-4413: Process Steps Template Designer <= 1.2.1 - Cross-Site Request Forgery Bypass — Wordfence Intelligence

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CVE-2021-4412: WP Prayer <= 1.6.5 - Cross-Site Request Forgery Bypass — Wordfence Intelligence

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a data export via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CVE-2021-4417: Changeset 2368977 for forminator/trunk/library/class-export.php – WordPress Plugin Repository

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-34029: WordPress Disable WordPress Update Notifications plugin <= 2.3.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the Disable WordPress Update Notifications and auto-update Email Notifications plugin by Prem Tiwari, versions <= 2.3.3.

CVE-2023-35044: WordPress Securimage-WP plugin <= 3.6.16 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the Securimage-WP plugin by Drew Phillips, versions <= 3.6.16.

CVE-2023-35773: WordPress Template Debugger plugin <= 3.1.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the Template Debugger plugin by Danny Hearnah - ChubbyNinjaa, versions <= 3.1.2.

CVE-2023-35091: WordPress Stock Manager for WooCommerce plugin <= 2.10.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the Stock Manager for WooCommerce plugin by StoreApps, versions <= 2.10.0.

CVE-2023-32104: WordPress MyCurator Content Curation plugin <= 3.74 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the MyCurator Content Curation plugin by Mark Tilly, versions <= 3.74.

CVE-2023-36522: WordPress Quiz Expert plugin <= 1.5.0 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in the Quiz Expert plugin by WePupil, versions <= 1.5.0.