| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in Adrian Moreno WP Lyrics allows Stored XSS.This issue affects WP Lyrics: from n/a through 0.4.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map allows Stored XSS.This issue affects Simple Travel Map: from n/a through 0.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Themefuse ThemeFuse Maintenance Mode allows Stored XSS.This issue affects ThemeFuse Maintenance Mode: from n/a through 1.1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Mike “Mikeage” Miller Hebrew Date allows Stored XSS.This issue affects Hebrew Date: from n/a through 2.1.0. |
| The LoginPress | wp-login Custom Login Page Customizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the 'custom_plugin_set_option' function. This makes it possible for unauthenticated attackers to update arbitrary options on the WordPress site via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. This can be leveraged to update the default role for registration to administrator and enable user registration for attackers to gain administrative user access to a vulnerable site. The 'WPBRIGADE_SDK__DEV_MODE' constant must be set to 'true' to exploit the vulnerability. |
| Cross-Site Request Forgery (CSRF) vulnerability in John Dagelmore WPSpeed allows Cross Site Request Forgery. This issue affects WPSpeed: from n/a through 2.6.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in P. Roy WP Revisions Manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through 1.0.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jason Funk Title Experiments Free allows Cross Site Request Forgery.This issue affects Title Experiments Free: from n/a through 9.0.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in fuzzoid 3DPrint Lite allows Cross Site Request Forgery. This issue affects 3DPrint Lite: from n/a through 2.1.3.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in Posti Posti Shipping allows Cross Site Request Forgery.This issue affects Posti Shipping: from n/a through 3.10.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Tom Landis Fancy Roller Scroller allows Stored XSS.This issue affects Fancy Roller Scroller: from n/a through 1.4.0. |
| Cross-Site Request Forgery (CSRF) vulnerability in Shayan Farhang Pazhooh ShayanWeb Admin FontChanger allows Stored XSS. This issue affects ShayanWeb Admin FontChanger: from n/a through 1.8.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in flipdish Flipdish Ordering System allows Cross Site Request Forgery. This issue affects Flipdish Ordering System: from n/a through 1.4.16. |
| Cross-Site Request Forgery (CSRF) vulnerability in WP Corner Quick Event Calendar allows Cross Site Request Forgery. This issue affects Quick Event Calendar: from n/a through 1.4.9. |
| Cross-Site Request Forgery (CSRF) vulnerability in Ichi translit it! allows Stored XSS. This issue affects translit it!: from n/a through 1.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Add image to Post allows Stored XSS.This issue affects Add image to Post: from n/a through 0.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in RudeStan VKontakte Wall Post allows Stored XSS.This issue affects VKontakte Wall Post: from n/a through 2.0. |
| A vulnerability classified as problematic was found in idcCMS 1.35. Affected by this vulnerability is an unknown functionality of the file /admin/admin_cl.php?mudi=revPwd. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-261991. |
| Cross-Site Request Forgery (CSRF) vulnerability in Sourov Amin Word Freshener allows Stored XSS.This issue affects Word Freshener: from n/a through 1.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in sbouey Falang multilanguage allows Cross Site Request Forgery. This issue affects Falang multilanguage: from n/a through 1.3.61. |
