Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-27457: WordPress Add Expires Headers & Optimized Minify plugin <= 2.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Passionate Brains Add Expires Headers & Optimized Minify plugin <= 2.7 versions.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-27451: WordPress Instant Images <= 5.1.0.2 - Auth. Server-Side Request Forgery (SSRF) vulnerability - Patchstack

Server-Side Request Forgery (SSRF) vulnerability in Darren Cooney Instant Images plugin <= 5.1.0.2 versions.

CVE-2023-27444: WordPress DecaLog plugin <= 3.7.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pierre Lannoy / PerfOps One DecaLog plugin <= 3.7.0 versions.

CVE-2023-27442: WordPress Leyka plugin <= 3.29.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Teplitsa of social technologies Leyka plugin <= 3.29.2 versions.

CVE-2023-26535: WordPress Sheets To WP Table Live Sync plugin <= 2.12.15 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in WPPOOL Sheets To WP Table Live Sync plugin <= 2.12.15 versions.

CVE-2023-26532: WordPress Social Auto Poster plugin <= 2.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in AccessPress Themes Social Auto Poster plugin <= 2.1.4 versions.

CVE-2023-28749: WordPress CM On Demand Search And Replace plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in CreativeMindsSolutions CM On Demand Search And Replace plugin <= 1.3.0 versions.

CVE-2023-2447: UserPro <= 5.1.1 - Cross-Site Request Forgery to Sensitive Information Exposure — Wordfence Intelligence

The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link.