| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in Yonatan Reinberg yPHPlista allows Stored XSS.This issue affects yPHPlista: from n/a through 1.1.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Juan Carlos WP Mapa Politico España allows Cross Site Request Forgery. This issue affects WP Mapa Politico España: from n/a through 3.8.0. |
| The WP ULike – The Ultimate Engagement Toolkit for Websites plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.7.4. This is due to missing or incorrect nonce validation on the wp_ulike_delete_history_api() function. This makes it possible for unauthenticated attackers to delete engagements via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20. |
| Cross-Site Request Forgery (CSRF) vulnerability in John Godley Tidy Up allows Reflected XSS.This issue affects Tidy Up: from n/a through 1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Ohidul Islam Challan allows Privilege Escalation. This issue affects Challan: from n/a through 3.7.58. |
| Cross-Site Request Forgery (CSRF) vulnerability in Alexander Volkov WP Nice Loader allows Stored XSS.This issue affects WP Nice Loader: from n/a through 0.1.0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating allows Stored XSS. This issue affects Simple Rating: from n/a through 1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in giangmd93 GP Back To Top allows Cross Site Request Forgery. This issue affects GP Back To Top: from n/a through 3.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in AboZain Albanna Customize Login Page allows Cross Site Request Forgery. This issue affects Customize Login Page: from n/a through 1.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in illow illow – Cookies Consent allows Cross Site Request Forgery. This issue affects illow – Cookies Consent: from n/a through 0.2.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Freelancelot Oceanic allows Cross Site Request Forgery.This issue affects Oceanic: from n/a through 1.0.48. |
| Cross-Site Request Forgery (CSRF) vulnerability in Cliengo – Chatbot.This issue affects Cliengo – Chatbot: from n/a through 3.0.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Scott Swezey Easy Tynt allows Cross Site Request Forgery.This issue affects Easy Tynt: from n/a through 0.2.5.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jens Törnell WP Simple Sitemap allows Stored XSS.This issue affects WP Simple Sitemap: from n/a through 0.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Required Admin Menu Manager allows Cross Site Request Forgery.This issue affects Admin Menu Manager: from n/a through 1.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in qusupport LiveAgent allows Cross Site Request Forgery. This issue affects LiveAgent: from n/a through 4.4.7. |
| The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Aaron Hodge Silver April's Call Posts allows Stored XSS.
This issue affects April's Call Posts: from n/a through 2.1.1. |
