Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Jeff Sherk Auto Login New User After Registration plugin <= 1.9.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Fedor Urvanov, Aram Kocharyan Urvanov Syntax Highlighter plugin <= 2.8.33 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Zizou1988 IRivYou plugin <= 2.2.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments allows Cross Site Request Forgery.This issue affects WP Attachments: from n/a through 5.0.11.
Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Alexey Golubnichenko AGP Font Awesome Collection plugin <= 3.2.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in GoodBarber plugin <= 1.0.22 versions.
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the save_config() function in versions up to, and including, 4.3. This makes it possible for unauthenticated attackers to update the 'ladipage_config' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Permalinks Customizer plugin <= 2.8.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.
idccms v1.35 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/infoWeb_deal.php?mudi=add.
Cross-Site Request Forgery (CSRF) vulnerability in ReCorp AI Content Writing Assistant (Content Writer, GPT 3 & 4, ChatGPT, Image Generator) All in One plugin <= 1.1.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.
Cross-Site Request Forgery (CSRF) vulnerability in KaizenCoders Short URL plugin <= 1.6.8 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Mailrelay plugin <= 2.1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in XYDAC Ultimate Taxonomy Manager plugin <= 2.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.
The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Cross-Site Request Forgery (CSRF) vulnerability in Muller Digital Inc. Duplicate Theme plugin <= 0.1.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Internet Marketing Ninjas Internal Link Building plugin <= 1.2.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Dinesh Karki Block Plugin Update plugin <= 3.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Hide Pages plugin <= 1.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in josecoelho, Randy Hoyt, steveclarkcouk, Vitaliy Kukin, Eric Le Bail, Tom Ransom Category Meta plugin plugin <= 1.2.8 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Moriyan Jay WP Site Protector plugin <= 2.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Joakim Ling Remove slug from custom post type plugin <= 1.0.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Andres Felipe Perea V. CopyRightPro plugin <= 2.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Igor Buyanov WP Power Stats plugin <= 2.2.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Matias s Shockingly Simple Favicon plugin <= 1.8.2 versions.
The POEditor WordPress plugin before 0.9.8 does not have CSRF checks in various places, which could allow attackers to make logged in admins perform unwanted actions, such as reset the plugin's settings and update its API key via CSRF attacks.
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
Tourism Management System Version: V 3.2 is affected by: Cross Site Request Forgery (CSRF).
A vulnerability was found in Global Content Blocks Plugin 2.1.5. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely.
A vulnerability classified as problematic has been found in Atahualpa Theme. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely.
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
solidus_backend is the admin interface for the Solidus e-commerce framework. Versions prior to 3.1.6, 3.0.6, and 2.11.16 contain a cross-site request forgery (CSRF) vulnerability. The vulnerability allows attackers to change the state of an order's adjustments if they hold its number, and the execution happens on a store administrator's computer. Users should upgrade to solidus_backend 3.1.6, 3.0.6, or 2.11.16 to receive a patch.
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
The Lock User Account WordPress plugin through 1.0.3 does not have CSRF check when bulk locking and unlocking accounts, which could allow attackers to make logged in admins lock and unlock arbitrary users via a CSRF attack
The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_sendwp_remote_install_handler function. This makes it possible for unauthenticated attackers to install and activate the SendWP plugin via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
IBM CICS TX Standard 11.1, Advanced 10.1, 11.1, and TXSeries for Multiplatforms 8.1, 8.2, 9.1 are vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user that the website trusts. IBM X-Force ID: 266057.
Cross-Site Request Forgery (CSRF) vulnerability in Hardik Kalathiya WP Gallery Metabox plugin <= 1.0.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Morris Bryant, Ruben Sargsyan Outbound Link Manager plugin <= 1.2 versions.