Cross-Site Request Forgery (CSRF) vulnerability in Tim Whitlock Loco Translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through 2.6.9.
Cross-Site Request Forgery (CSRF) vulnerability in Rara Theme JobScout allows Cross Site Request Forgery.This issue affects JobScout: from n/a through 1.1.4.
Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.
Tuleap is an Open Source Suite for management of software development and collaboration. Tuleap Community Edition versions below 17.0.99.1762444754 and Tuleap Enterprise Edition versions prior to 17.0-2, 16.13-7 and 16.12-10 allow attackers trick victims into changing tracker general settings. This issue is fixed in version Tuleap Community Edition version 17.0.99.1762444754 and Tuleap Enterprise Edition versions 17.0-2, 16.13-7 and 16.12-10.
Cross-Site Request Forgery (CSRF) vulnerability in momen2009 Theme Changer allows Cross Site Request Forgery. This issue affects Theme Changer: from n/a through 1.3.
Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez WP RSS Images plugin <= 1.1 versions.
A vulnerability was found in withstars Books-Management-System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /reader_delete.html. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
Cross-Site Request Forgery (CSRF) vulnerability in Kemal YAZICI - PluginPress Shortcode IMDB plugin <= 6.0.8 versions.
A vulnerability, which was classified as problematic, has been found in HadSky 7.11.8. Affected by this issue is some unknown functionality of the component User Handler. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-233372.
Cross-Site Request Forgery (CSRF) vulnerability in Neha Goel Recent Posts Slider plugin <= 1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Merv Barrett Import into Easy Property Listings allows Cross Site Request Forgery.This issue affects Import into Easy Property Listings: from n/a through 2.2.1.
Cross-Site Request Forgery (CSRF) vulnerability in Kevon Adonis WP Abstracts plugin <= 2.6.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Saad Iqbal Post Snippets allows Cross Site Request Forgery.This issue affects Post Snippets: from n/a through 4.0.11.
Cross-Site Request Forgery (CSRF) vulnerability in Danny Hearnah - ChubbyNinjaa Template Debugger plugin <= 3.1.2 versions.
Mattermost versions 11.0.x <= 11.0.4, 10.12.x <= 10.12.2, 10.11.x <= 10.11.6 and Mattermost Calls versions <=1.10.0 fail to implement CSRF protection on the Calls widget page which allows an authenticated attacker to initiate calls and inject messages into channels or direct messages via a malicious webpage or crafted link
Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce PayPal Payments plugin <= 2.0.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in OOPSpam OOPSpam Anti-Spam plugin <= 1.1.44 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WePupil Quiz Expert plugin <= 1.5.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Order Barcodes plugin <= 1.6.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Ciprian Popescu YouTube Playlist Player plugin <= 4.6.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions.
The HL Twitter WordPress plugin through 2014.1.18 does not have CSRF check when unlinking twitter accounts, which could allow attackers to make logged in admins perform such actions via a CSRF attack
CSRF in admin/reply-ticket.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to reply to any ticket, given the id, via a crafted request.
Cross-Site Request Forgery (CSRF) vulnerability in StoreApps Stock Manager for WooCommerce plugin <= 2.10.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in AREOI All Bootstrap Blocks plugin <= 1.3.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions.
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.
The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-site request forgery (CSRF) vulnerability in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote attackers to add and edit publication comments.
Cross-Site Request Forgery (CSRF) vulnerability in Flashyapp WP Flashy Marketing Automation wp-flashy-marketing-automation allows Cross Site Request Forgery.This issue affects WP Flashy Marketing Automation: from n/a through <= 2.0.8.
CSRF in admin/manage-articles.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete an article via a crafted request.
CSRF in admin/manage-departments.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a department via a crafted request.
Piwigo 13.6.0 is vulnerable to Cross Site Request Forgery (CSRF) in the "add tags" function.
A cross-site request forgery (CSRF) vulnerability in Jenkins Tag Profiler Plugin 0.2 and earlier allows attackers to reset profiler statistics.
Cross-Site Request Forgery (CSRF) vulnerability in ProteusThemes Custom Sidebars by ProteusThemes custom-sidebars-by-proteusthemes allows Cross Site Request Forgery.This issue affects Custom Sidebars by ProteusThemes: from n/a through <= 1.0.3.
Cross-Site Request Forgery (CSRF) vulnerability in ThemeinProgress WIP Custom Login plugin <= 1.2.9 versions.
A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job.
CSRF in admin/edit-template.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to edit an article template, given the id, via a crafted request.
A cross-site request forgery (CSRF) vulnerability in Jenkins LDAP Plugin allows attackers to connect to an attacker-specified LDAP server using attacker-specified credentials.
The Subscribers Text Counter WordPress plugin before 1.7.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack, which also lead to Stored Cross-Site Scripting due to the lack of sanitisation and escaping
Cross-site request forgery (CSRF) vulnerability in TS Webfonts for SAKURA 3.1.2 and earlier allows a remote unauthenticated attacker to hijack the authentication of a user and to change settings by having a user view a malicious page.
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.15.2 does not have CRSF check when deleting a shipment, allowing attackers to make any logged in user, delete arbitrary shipment via a CSRF attack
Cross-Site Request Forgery (CSRF) vulnerability in PingOnline Dyslexiefont Free plugin <= 1.0.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Made with Fuel Better Notifications for WP plugin <= 1.9.2 versions.