Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2024-1910

Summary
Assigner-Wordfence
Assigner Org ID-b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At-27 Feb, 2024 | 11:05
Updated At-01 Aug, 2024 | 18:56
Rejected At-
Credits

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Wordfence
Assigner Org ID:b15e7b5b-3da4-40ae-a43c-f7aa60e62599
Published At:27 Feb, 2024 | 11:05
Updated At:01 Aug, 2024 | 18:56
Rejected At:
▼CVE Numbering Authority (CNA)

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Affected Products
Vendor
frenify
Product
Categorify – WordPress Media Library Category & File Manager
Default Status
unaffected
Versions
Affected
  • From * through 1.0.7.4 (semver)
Problem Types
TypeCWE IDDescription
N/AN/ACWE-352 Cross-Site Request Forgery (CSRF)
Type: N/A
CWE ID: N/A
Description: CWE-352 Cross-Site Request Forgery (CSRF)
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
finder
Francesco Carlucci
Timeline
EventDate
Vendor Notified2024-01-11 00:00:00
Disclosed2024-02-26 00:00:00
Event: Vendor Notified
Date: 2024-01-11 00:00:00
Event: Disclosed
Date: 2024-02-26 00:00:00
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
N/A
https://plugins.trac.wordpress.org/changeset/3034410/categorify
N/A
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
Resource: N/A
Hyperlink: https://plugins.trac.wordpress.org/changeset/3034410/categorify
Resource: N/A
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
x_transferred
https://plugins.trac.wordpress.org/changeset/3034410/categorify
x_transferred
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
Resource:
x_transferred
Hyperlink: https://plugins.trac.wordpress.org/changeset/3034410/categorify
Resource:
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security@wordfence.com
Published At:27 Feb, 2024 | 11:15
Updated At:07 Jan, 2025 | 14:33

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxClearCategory function. This makes it possible for unauthenticated attackers to clear categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.14.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
CPE Matches
frenify
frenify
>>categorify>>Versions before 1.0.7.5(exclusive)
cpe:2.3:a:frenify:categorify:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-352Primarynvd@nist.gov
CWE ID: CWE-352
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://plugins.trac.wordpress.org/changeset/3034410/categorifysecurity@wordfence.com
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cvesecurity@wordfence.com
Third Party Advisory
https://plugins.trac.wordpress.org/changeset/3034410/categorifyaf854a3a-2127-422b-91ae-364da2661108
Patch
https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cveaf854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/3034410/categorify
Source: security@wordfence.com
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://plugins.trac.wordpress.org/changeset/3034410/categorify
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/b1c2712d-0865-4759-98da-1e11a26f2466?source=cve
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

2068Records found
CVE-2022-47144
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.06% / 18.26%
||
7 Day CHG+0.01%
Published-25 May, 2023 | 11:42
Updated-08 Jan, 2025 | 21:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mediamatic – Media Library Folders Plugin <= 2.8.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Plugincraft Mediamatic – Media Library Folders plugin <= 2.8.1 versions.

Action-Not Available
Vendor-frenifyPlugincraft
Product-mediamaticMediamatic – Media Library Folders
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1912
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.86%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 11:05
Updated-07 Jan, 2025 | 14:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxUpdateFolderPosition function. This makes it possible for unauthenticated attackers to update the folder position of categories as well as update the metadata of other taxonomies via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-frenifyfrenify
Product-categorifyCategorify – WordPress Media Library Category & File Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1907
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.86%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 11:05
Updated-07 Jan, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxDeleteCategory function. This makes it possible for unauthenticated attackers to delete categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-frenifyfrenify
Product-categorifyCategorify – WordPress Media Library Category & File Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1909
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.86%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 11:05
Updated-07 Jan, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxRenameCategory function. This makes it possible for unauthenticated attackers to rename categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-frenifyfrenify
Product-categorifyCategorify – WordPress Media Library Category & File Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-1906
Matching Score-10
Assigner-Wordfence
ShareView Details
Matching Score-10
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 26.86%
||
7 Day CHG~0.00%
Published-27 Feb, 2024 | 11:05
Updated-07 Jan, 2025 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-frenifyfrenify
Product-categorifyCategorify – WordPress Media Library Category & File Manager
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-0294
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-8.8||HIGH
EPSS-0.10% / 27.22%
||
7 Day CHG~0.00%
Published-13 Jan, 2023 | 19:46
Updated-07 Nov, 2023 | 04:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mediamatic – Media Library Folders plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on its AJAX actions function. This makes it possible for unauthenticated attackers to change image categories used by the plugin, via forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-frenifyplugincraft
Product-mediamaticMediamatic – Media Library Folders
CVE-2023-45654
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:46
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Comments Ratings Plugin <= 1.1.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

Action-Not Available
Vendor-pixelgradePixelgrade
Product-comments_ratingComments Ratings
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45063
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:41
Updated-17 Sep, 2024 | 13:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress AI Content Writing Assistant (Content Writer, ChatGPT, Image Generator) All in One Plugin <= 1.1.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.

Action-Not Available
Vendor-rayhan1ReCorp
Product-ai_content_writing_assistantAI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46087
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 14:28
Updated-16 Sep, 2024 | 14:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Who Hit The Page – Hit Counter Plugin <= 1.4.14.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.

Action-Not Available
Vendor-mahlamusaMahlamusa
Product-who_hit_the_page_hit_counterWho Hit The Page – Hit Counter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45655
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.19% / 41.07%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:49
Updated-16 Sep, 2024 | 14:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress PixFields Plugin <= 0.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.

Action-Not Available
Vendor-pixelgradePixelGrade
Product-pixfieldsPixFields
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34028
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-22 Jun, 2023 | 14:21
Updated-18 Oct, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WOLF Plugin <= 1.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7 versions.

Action-Not Available
Vendor-PluginUs.Net (RealMag777)
Product-wolf_-_wordpress_posts_bulk_editor_and_manager_professionalWOLF – WordPress Posts Bulk Editor and Manager Professional
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35044
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.54%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:13
Updated-07 Oct, 2024 | 17:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Securimage-WP Plugin <= 3.6.16 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Drew Phillips Securimage-WP plugin <= 3.6.16 versions.

Action-Not Available
Vendor-securimage-wp-fixed_projectDrew Phillips
Product-securimage-wp-fixedSecurimage-WP
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7645
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.07% / 20.11%
||
7 Day CHG~0.00%
Published-09 Aug, 2024 | 16:00
Updated-19 Aug, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Clinics Patient Management System User Page users.php cross-site request forgery

A vulnerability was found in SourceCodester Clinics Patient Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file users.php of the component User Page. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-clinic\'s_patient_management_systemClinics Patient Management Systemclinics_patient_management_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-3408
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.18% / 39.66%
||
7 Day CHG~0.00%
Published-17 Aug, 2024 | 08:37
Updated-13 Sep, 2024 | 14:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bricks <= 1.8.1 - Cross-Site Request Forgery via save_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'save_settings' function. This makes it possible for unauthenticated attackers to modify the theme's settings, including enabling a setting which allows lower-privileged users such as contributors to perform code execution, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-bricksbuilderBricks Builder
Product-bricksBricks
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45011
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 12:12
Updated-17 Sep, 2024 | 13:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Power Stats Plugin <= 2.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.

Action-Not Available
Vendor-websivuIgor Buyanov
Product-wp_power_statsWP Power Stats
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46067
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.18%
||
7 Day CHG~0.00%
Published-21 Oct, 2023 | 20:28
Updated-11 Sep, 2024 | 20:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Rocket Font Plugin <= 1.2.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.

Action-Not Available
Vendor-qwerty23Qwerty23
Product-rocket_fontRocket Font
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45748
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 10:01
Updated-16 Sep, 2024 | 14:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress MailChimp Forms by MailMunch Plugin <= 3.1.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in MailMunch MailChimp Forms by MailMunch plugin <= 3.1.4 versions.

Action-Not Available
Vendor-mailmunchMailMunch
Product-mailchimp_formsMailChimp Forms by MailMunch
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46085
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:11
Updated-11 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Wp Ultimate Review Plugin <= 2.2.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.

Action-Not Available
Vendor-wpmetWpmet
Product-wp_ultimate_reviewWp Ultimate Review
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34378
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 22.23%
||
7 Day CHG~0.00%
Published-13 Nov, 2023 | 01:02
Updated-29 Aug, 2024 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Post Plugin <= 2.0.10 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in scriptburn.Com WP Hide Post plugin <= 2.0.10 versions.

Action-Not Available
Vendor-scriptburnscriptburn.com
Product-wp_hide_postWP Hide Post
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-35089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-17 Jul, 2023 | 13:31
Updated-07 Oct, 2024 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Recipe Maker For Your Food Blog from Zip Recipes Plugin <= 8.0.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Really Simple Plugins Recipe Maker For Your Food Blog from Zip Recipes plugin <= 8.0.7 versions.

Action-Not Available
Vendor-really-simple-pluginsReally Simple Plugins
Product-recipe_maker_for_your_food_blog_from_zip_recipesRecipe Maker For Your Food Blog from Zip Recipes
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34029
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.54%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 12:25
Updated-19 Feb, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Disable WordPress Update Notifications Plugin <= 2.3.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Prem Tiwari Disable WordPress Update Notifications and auto-update Email Notifications plugin <= 2.3.3 versions.

Action-Not Available
Vendor-disable_wordpress_update_notifications_and_auto-update_email_notifications_projectPrem Tiwari
Product-disable_wordpress_update_notifications_and_auto-update_email_notificationsDisable WordPress Update Notifications and auto-update Email Notifications
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-9689
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.1||MEDIUM
EPSS-0.20% / 42.28%
||
7 Day CHG+0.02%
Published-05 Nov, 2024 | 06:00
Updated-20 Dec, 2024 | 18:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Post From Frontend <= 1.0.0 - Post Deletion via CSRF

The Post From Frontend WordPress plugin through 1.0.0 does not have CSRF check when deleting posts, which could allow attackers to make logged in admin perform such action via a CSRF attack

Action-Not Available
Vendor-shaonUnknownshaon
Product-post_from_frontendPost From Frontendpost_from_frontend
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45606
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:29
Updated-16 Sep, 2024 | 15:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple URLs Plugin <= 120 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.

Action-Not Available
Vendor-getlassoLasso
Product-simple_urlsSimple URLs
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44993
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 10:11
Updated-12 May, 2025 | 15:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ChatBot Plugin <= 4.7.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in QuantumCloud AI ChatBot plugin <= 4.7.8 versions.

Action-Not Available
Vendor-quantumcloudQuantumCloud
Product-wpbotAI ChatBot
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45108
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.45%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 12:03
Updated-16 Sep, 2024 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Mailrelay Plugin <= 2.1.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.

Action-Not Available
Vendor-mailrelayMailrelay
Product-mailrelayMailrelay
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-24966
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-03 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Copyscape Premium plugin <= 1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Copyscape Copyscape Premium copyscape-premium allows Cross Site Request Forgery.This issue affects Copyscape Premium: from n/a through <= 1.4.1.

Action-Not Available
Vendor-Copyscape
Product-Copyscape Premium
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-46089
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-22 Oct, 2023 | 21:14
Updated-11 Sep, 2024 | 14:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Userback Plugin <= 1.0.13 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Lee Le @ Userback Userback plugin <= 1.0.13 versions.

Action-Not Available
Vendor-userbackLee Le @ Userback
Product-userbackUserback
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-26216
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.16% / 37.03%
||
7 Day CHG~0.00%
Published-18 Mar, 2021 | 15:44
Updated-03 Aug, 2024 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php.

Action-Not Available
Vendor-seeddmsn/a
Product-seeddmsn/a
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44476
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 14:28
Updated-18 Sep, 2024 | 16:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress CopyRightPro Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.

Action-Not Available
Vendor-wp-copyrightproAndres Felipe Perea V.
Product-wp-copyrightproCopyRightPro
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45653
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.15% / 35.17%
||
7 Day CHG~0.00%
Published-16 Oct, 2023 | 08:43
Updated-16 Sep, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Video Playlist For YouTube Plugin <= 6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.

Action-Not Available
Vendor-galaxyweblinksGalaxy Weblinks
Product-video_playlist_for_youtubeVideo Playlist For YouTube
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24818
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-13 Dec, 2021 | 10:41
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Limits <= 1.0 - Plugin's Settings Update via CSRF

The WP Limits WordPress plugin through 1.0 does not have CSRF check when saving its settings, allowing attacker to make a logged in admin change them, which could make the blog unstable by setting low values

Action-Not Available
Vendor-wp_limits_projectUnknown
Product-wp_limitsWp Limits
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24572
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.28%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 08:46
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paypal Donation < 1.3.1 - CSRF to Arbitrary Post Deletion

The Accept Donations with PayPal WordPress plugin before 1.3.1 provides a function to create donation buttons which are internally stored as posts. The deletion of a button is not CSRF protected and there is no control to check if the deleted post was a button post. As a result, an attacker could make logged in admins delete arbitrary posts

Action-Not Available
Vendor-wppluginUnknown
Product-accept_donations_with_paypalAccept Donations with PayPal
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-34185
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.30%
||
7 Day CHG~0.00%
Published-11 Jul, 2023 | 11:17
Updated-19 Feb, 2025 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress NextGen GalleryView Plugin <= 0.5.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in John Brien WordPress NextGen GalleryView plugin <= 0.5.5 versions.

Action-Not Available
Vendor-wordpress_nextgen_galleryview_projectJohn Brien
Product-wordpress_nextgen_galleryviewWordPress NextGen GalleryView
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-24942
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-03 Feb, 2026 | 14:08
Updated-03 Feb, 2026 | 18:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WpEvently plugin <= 5.1.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in magepeopleteam WpEvently mage-eventpress allows Cross Site Request Forgery.This issue affects WpEvently: from n/a through <= 5.1.1.

Action-Not Available
Vendor-MagePeople
Product-WpEvently
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24799
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-01 Nov, 2021 | 08:46
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Far Future Expiry Header < 1.5 - Plugin's Settings Update via CSRF

The Far Future Expiry Header WordPress plugin before 1.5 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Action-Not Available
Vendor-UnknownTips and Tricks HQ
Product-far_future_expiry_headerFar Future Expiry Header
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-8245
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 10.52%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-12 Jun, 2025 | 15:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
GamiPress - Reset User <= 1.0.0 - GamiPress User Data Removal via CSRF

The GamiPress WordPress plugin before 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-gamipressUnknown
Product-gamipress_-_reset_userGamiPress
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2026-24432
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-5.1||MEDIUM
EPSS-0.02% / 3.19%
||
7 Day CHG~0.00%
Published-26 Jan, 2026 | 17:46
Updated-28 Jan, 2026 | 20:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tenda W30E V2 Missing CSRF Protections for Administrative Actions

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) lack cross-site request forgery (CSRF) protections on administrative endpoints, including those used to change administrator account credentials. As a result, an attacker can craft malicious requests that, when triggered by an authenticated user’s browser, modify administrative passwords and other configuration settings.

Action-Not Available
Vendor-Shenzhen Tenda Technology Co., Ltd.Tenda Technology Co., Ltd.
Product-w30ew30e_firmwareW30E V2
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24776
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-17 Nov, 2021 | 10:15
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Performance Score Booster < 2.1 - Settings Change via CSRF

The WP Performance Score Booster WordPress plugin before 2.1 does not have CSRF check when saving its settings, which could allow attackers to make a logged in admin change them via a CSRF attack.

Action-Not Available
Vendor-wp_performance_score_booster_projectUnknown
Product-wp_performance_score_boosterWP Performance Score Booster – Optimize Speed, Enable Cache & Page Preload
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-45106
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-12 Oct, 2023 | 14:57
Updated-17 Sep, 2024 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Urvanov Syntax Highlighter Plugin <= 2.8.33 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.

Action-Not Available
Vendor-urvanovFedor Urvanov, Aram Kocharyan
Product-urvanov_syntax_highlighterUrvanov Syntax Highlighter
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7661
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-6.9||MEDIUM
EPSS-0.16% / 37.04%
||
7 Day CHG~0.00%
Published-11 Aug, 2024 | 03:31
Updated-15 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
SourceCodester Car Driving School Management System index.php save_users cross-site request forgery

A vulnerability was found in SourceCodester Car Driving School Management System 1.0. It has been classified as problematic. This affects the function save_users of the file admin/user/index.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-oretnom23SourceCodester
Product-car_driving_school_management_systemCar Driving School Management Systemcar_driving_school_management_system
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24586
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.70%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:56
Updated-03 Aug, 2024 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Per Page Add to Head < 1.4.4 - CSRF to Stored XSS

The Per page add to head WordPress plugin before 1.4.4 is lacking any CSRF check when saving its settings, which could allow attackers to make a logged in admin change them. Furthermore, as the plugin allows arbitrary HTML to be inserted in one of the setting (feature mentioned by the plugin), this could lead to Stored XSS issue which will be triggered either in the backend, frontend or both depending on the payload used.

Action-Not Available
Vendor-evonaUnknown
Product-per_page_add_to_headPer page add to head
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24431
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.70%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:56
Updated-03 Aug, 2024 | 19:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Language Bar Flags <= 1.0.8 - CSRF to Stored XSS

The Language Bar Flags WordPress plugin through 1.0.8 does not have any CSRF in place when saving its settings and did not sanitise or escape them when generating the flag bar in the frontend. This could allow attackers to make a logged in admin change the settings, and set Cross-Site Scripting payload in them, which will be executed in the frontend for all users

Action-Not Available
Vendor-language_bar_flags_projectUnknown
Product-language_bar_flagsLanguage Bar Flags
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24913
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-28 Feb, 2022 | 09:06
Updated-03 Aug, 2024 | 19:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Logo Showcase with Slick Slider < 2.0.1 - Arbitrary Media Title/Description/Alt Text/URL Update via CSRF

The Logo Showcase with Slick Slider WordPress plugin before 2.0.1 does not have CSRF check in the lswss_save_attachment_data AJAX action, allowing attackers to make a logged in high privilege user, change title, description, alt text, and URL of arbitrary uploaded media.

Action-Not Available
Vendor-infornwebUnknown
Product-logo_showcase_with_slick_sliderLogo Showcase with Slick Slider – Logo Carousel, Logo Slider & Logo Grid
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44237
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 09:42
Updated-19 Sep, 2024 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Site Protector Plugin <= 2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.

Action-Not Available
Vendor-moriyan_jayMoriyan Jay
Product-wp_site_protectorWP Site Protector
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24832
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-08 Nov, 2021 | 17:35
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP SEO Redirect 301 < 2.3.2 - Redirect Deletion via CSRF

The WP SEO Redirect 301 WordPress plugin before 2.3.2 does not have CSRF in place when deleting redirects, which could allow attackers to make a logged in admin delete them via a CSRF attack

Action-Not Available
Vendor-wp_seo_redirect_301_projectUnknown
Product-wp_seo_redirect_301WP SEO Redirect 301
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-4318
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 20.54%
||
7 Day CHG~0.00%
Published-11 Sep, 2023 | 19:46
Updated-23 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Herd Effects < 5.2.4 - Effect Deletion via CSRF

The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack

Action-Not Available
Vendor-wow-companyUnknown
Product-herd_effectsHerd Effects
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-7862
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.13% / 33.10%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 06:00
Updated-12 Sep, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Blog Introduction <= 0.3.0 - Settings Update via CSRF

The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

Action-Not Available
Vendor-Unknownblogintroduction_wordpress_plugin
Product-blogintroduction-wordpress-pluginblogintroduction_wordpress_plugin
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2020-36751
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.14% / 34.65%
||
7 Day CHG~0.00%
Published-20 Oct, 2023 | 07:29
Updated-11 Sep, 2024 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-jesseeproductionsbrianjessee
Product-coupon_creatorCoupon Creator
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-24725
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.3||MEDIUM
EPSS-0.10% / 28.28%
||
7 Day CHG~0.00%
Published-13 Sep, 2021 | 17:56
Updated-03 Aug, 2024 | 19:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Comment Link Remove and Other Comment Tools < 2.1.6 - Arbitrary Comment Deletion via CSRF

The Comment Link Remove and Other Comment Tools WordPress plugin before 2.1.6 does not have CSRF check in its 'Delete comments easily', which could allow attackers to make logged in admin delete arbitrary comments

Action-Not Available
Vendor-quantumcloudUnknown
Product-comment_link_remove_and_other_comment_toolsComment Link Remove and Other Comment Tools
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2023-44232
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.07% / 21.44%
||
7 Day CHG~0.00%
Published-09 Oct, 2023 | 08:43
Updated-19 Sep, 2024 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Hide Pages Plugin <= 1.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.

Action-Not Available
Vendor-nxsnHuseyin Berberoglu
Product-wp_hide_pagesWP Hide Pages
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 41
  • 42
  • Next
Details not found