| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| The ThePerfectWedding.nl Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8. This is due to missing or incorrect nonce validation on the 'update_option' function. This makes it possible for unauthenticated attackers to update the 'tpwKey' option with stored cross-site scripting via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Phuc Pham Multiple Admin Emails allows Cross Site Request Forgery.This issue affects Multiple Admin Emails: from n/a through 1.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through 1.0.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in alexvtn WIP WooCarousel Lite allows Stored XSS. This issue affects WIP WooCarousel Lite: from n/a through 1.1.7. |
| The dejure.org Vernetzungsfunktion plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.97.5. This is due to missing or incorrect nonce validation on the djo_einstellungen_menue() function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Ref CheckBot allows Stored XSS.This issue affects CheckBot: from n/a through 1.05. |
| Path Traversal: '.../...//' vulnerability in DeluxeThemes Userpro allows Path Traversal.This issue affects Userpro: from n/a through 5.1.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in eDoc Intelligence LLC eDoc Easy Tables allows Blind SQL Injection.This issue affects eDoc Easy Tables: from n/a through 1.29. |
| Unauthenticated Cross Site Request Forgery (CSRF) in Salon booking system <= 10.16 versions. |
| Cross-Site Request Forgery (CSRF) vulnerability in Apollo13Themes Rife Free allows Cross Site Request Forgery.This issue affects Rife Free: from n/a through 2.4.18. |
| Cross-Site Request Forgery (CSRF) vulnerability in Musa AVCI Önceki Yazı Link allows Cross Site Request Forgery. This issue affects Önceki Yazı Link: from n/a through 1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Joshua Eldridge Easy CountDowner allows Stored XSS.This issue affects Easy CountDowner: from n/a through 1.0.8.
|
| The Reactflow Visitor Recording and Heatmaps plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.10. This is due to missing or incorrect nonce validation affecting the _wpnonce parameter. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Oren hahiashvili add custom google tag manager allows Stored XSS.This issue affects add custom google tag manager: from n/a through 1.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in ctltwp Wiki Embed allows Cross Site Request Forgery. This issue affects Wiki Embed: from n/a through 1.4.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in Hossni Mubarak Cool Author Box allows Cross Site Request Forgery. This issue affects Cool Author Box: from n/a through 3.0.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Walter Cerrudo MFPlugin allows Stored XSS.This issue affects MFPlugin: from n/a through 1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in LOOS,Inc. Arkhe allows PHP Local File Inclusion. This issue affects Arkhe: from n/a through 3.11.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Insertify allows Code Injection.This issue affects Insertify: from n/a through 1.1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9. |
