ByteOS Network

Vulnerability Details :

CVE-2024-37438

Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3

Published At-02 Jan, 2025 | 13:31

Updated At-02 Jan, 2025 | 14:21

WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Uncanny Owl Uncanny Toolkit Pro for LearnDash allows Cross Site Request Forgery.This issue affects Uncanny Toolkit Pro for LearnDash: from n/a before 4.1.4.1.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:Patchstack

Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3

Published At:02 Jan, 2025 | 13:31

Updated At:02 Jan, 2025 | 14:21

▼CVE Numbering Authority (CNA)

WordPress Uncanny Toolkit Pro for LearnDash plugin < 4.1.4.1 - Cross Site Request Forgery (CSRF) vulnerability

Affected Products

Vendor

Uncanny Owl Inc.

Product

Uncanny Toolkit Pro for LearnDash

Default Status

unaffected

Versions

Affected

From n/a before 4.1.4.1 (custom)
- -> unaffectedfrom4.1.4.1

Problem Types

Type	CWE ID	Description
CWE	CWE-352	CWE-352 Cross-Site Request Forgery (CSRF)

Type: CWE

CWE ID: CWE-352

Description: CWE-352 Cross-Site Request Forgery (CSRF)

Metrics

Version	Base score	Base severity	Vector
3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Impacts

CAPEC ID	Description
CAPEC-62	CAPEC-62 Cross Site Request Forgery

CAPEC ID: CAPEC-62

Description: CAPEC-62 Cross Site Request Forgery

Solutions

Update the WordPress Uncanny Toolkit Pro for LearnDash plugin to the latest available version (at least 4.1.4.1).

Credits

finder

Dave Jong (Patchstack)

References

Hyperlink	Resource
https://patchstack.com/database/wordpress/plugin/uncanny-toolkit-pro/vulnerability/wordpress-uncanny-toolkit-pro-for-learndash-plugin-4-1-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	vdb-entry

Hyperlink: https://patchstack.com/database/wordpress/plugin/uncanny-toolkit-pro/vulnerability/wordpress-uncanny-toolkit-pro-for-learndash-plugin-4-1-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve

Resource:

vdb-entry

▼Authorized Data Publishers (ADP)

CISA ADP Vulnrichment

Metrics Other Info

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:audit@patchstack.com

Published At:02 Jan, 2025 | 14:15

Updated At:02 Jan, 2025 | 14:15

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	5.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Type: Secondary

Version: 3.1

Base score: 5.4

Base severity: MEDIUM

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L

Weaknesses

CWE ID	Type	Source
CWE-352	Primary	audit@patchstack.com

CWE ID: CWE-352

Type: Primary

Source: audit@patchstack.com

References

Hyperlink	Source	Resource
https://patchstack.com/database/wordpress/plugin/uncanny-toolkit-pro/vulnerability/wordpress-uncanny-toolkit-pro-for-learndash-plugin-4-1-4-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve	audit@patchstack.com	N/A

Source: audit@patchstack.com

Resource: N/A

Similar CVEs

498Records found

CVE-2023-41732

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.38%

7 Day CHG~0.00%

Published-06 Oct, 2023 | 14:44

Updated-19 Sep, 2024 | 14:58

WordPress CP Blocks Plugin <= 1.0.20 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CodePeople CP Blocks plugin <= 1.0.20 versions.

Vendor-CodePeople

Product-cp_blocks CP Blocks

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41670

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-09 Oct, 2023 | 18:30

Updated-18 Sep, 2024 | 20:36

WordPress Use Memcached Plugin <= 1.0.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Palasthotel (in person: Edward Bock) Use Memcached plugin <= 1.0.4 versions.

Vendor-palasthotel Palasthotel (in person: Edward Bock)

Product-use_memcached Use Memcached

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-46231

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.03% / 8.13%

7 Day CHG~0.00%

Published-22 Apr, 2025 | 09:53

Updated-30 Apr, 2025 | 16:29

WordPress affiliate-toolkit <= 3.7.3 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in SERVIT Software Solutions affiliate-toolkit allows Cross Site Request Forgery. This issue affects affiliate-toolkit: from n/a through 3.7.3.

Vendor-servit SERVIT Software Solutions

Product-affiliate-toolkit affiliate-toolkit

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41693

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 13:11

Updated-20 Sep, 2024 | 13:14

WordPress MyCryptoCheckout Plugin <= 2.125 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.

Vendor-plainviewplugins edward_plainview

Product-mycryptocheckout MyCryptoCheckout

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41801

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-06 Oct, 2023 | 14:48

Updated-25 Sep, 2024 | 14:33

WordPress AWP Classifieds Plugin <= 4.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in AWP Classifieds Team Ad Directory & Listings by AWP Classifieds plugin <= 4.3 versions.

Vendor-Strategy11

Product-awp_classifieds Ad Directory & Listings by AWP Classifieds

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41854

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-10 Oct, 2023 | 08:46

Updated-17 Sep, 2024 | 19:34

WordPress wpCentral Plugin <= 1.5.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Softaculous Ltd. WpCentral plugin <= 1.5.7 versions.

Vendor-wpcentral Softaculous Ltd.

Product-wpcentral wpCentral

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41668

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-09 Oct, 2023 | 17:47

Updated-18 Sep, 2024 | 20:39

WordPress Leadster Plugin <= 1.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Leadster plugin <= 1.1.2 versions.

Vendor-leadster Leadster

Product-leadster Leadster

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41950

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-06 Oct, 2023 | 14:57

Updated-19 Sep, 2024 | 15:22

WordPress Laposta Signup Basic Plugin <= 1.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Laposta - Roel Bousardt Laposta Signup Basic plugin <= 1.4.1 versions.

Vendor-laposta Laposta - Roel Bousardt

Product-laposta_signup_basic Laposta Signup Basic

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-41654

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.38%

7 Day CHG~0.00%

Published-06 Oct, 2023 | 14:36

Updated-19 Sep, 2024 | 14:46

WordPress authLdap Plugin <= 2.5.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andreas Heigl authLdap plugin <= 2.5.8 versions.

Vendor-heigl Andreas Heigl

Product-authldap authLdap

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40561

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-04 Oct, 2023 | 13:55

Updated-19 Sep, 2024 | 14:48

Enhanced Ecommerce Google Analytics for WooCommerce

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.

Vendor-multidots theDotstore

Product-enhanced_ecommerce_google_analytics_for_woocommerce Enhanced Ecommerce Google Analytics for WooCommerce

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2021-36861

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.10% / 27.83%

7 Day CHG~0.00%

Published-05 Aug, 2022 | 15:08

Updated-20 Feb, 2025 | 20:13

WordPress Rich Reviews by Starfish plugin <= 1.9.14 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in Rich Reviews by Starfish plugin <= 1.9.14 at WordPress allows an attacker to delete reviews.

Vendor-starfish Starfish Reviews

Product-rich_review Rich Reviews by Starfish (WordPress plugin)

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-39989

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 11:17

Updated-19 Sep, 2024 | 20:25

WordPress Header Footer Code Manager Plugin <= 1.1.34 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.

Vendor-draftpress 99robots

Product-header_footer_code_manager Header Footer Code Manager

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40199

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 12:33

Updated-20 Sep, 2024 | 13:15

WordPress WP Like Button Plugin <= 1.7.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.

Vendor-crudlab CRUDLab

Product-wp_like_button WP Like Button

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40198

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.99%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 12:29

Updated-20 Sep, 2024 | 13:15

WordPress Easy Cookie Law Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.

Vendor-antsanchez Antsanchez

Product-easy_cookie_law Easy Cookie Law

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40009

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.99%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 12:45

Updated-20 Sep, 2024 | 13:18

WordPress WP Pipes Plugin <= 1.4.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.

Vendor-ThimPress (PhysCode)

Product-wp_pipes WP Pipes

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-39925

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-22 Nov, 2023 | 18:44

Updated-01 Oct, 2024 | 15:49

WordPress Community by PeepSo Plugin <= 6.1.6.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PeepSo Download Community by PeepSo plugin <= 6.1.6.0 versions.

Vendor-peepso PeepSo

Product-peepso Download Community by PeepSo

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40558

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 13:29

Updated-23 Sep, 2024 | 17:18

WordPress Video Gallery & Management Plugin <= 3.3.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.

Vendor-emarketdesign eMarket Design

Product-youtube_video_gallery YouTube Video Gallery by YouTube Showcase

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-39923

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 11:05

Updated-19 Sep, 2024 | 20:46

WordPress The Post Grid Plugin <= 7.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.

Vendor-radiustheme RadiusTheme

Product-the_post_grid The Post Grid

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-40210

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 11:27

Updated-20 Sep, 2024 | 13:16

WordPress SB Child List Plugin <= 4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.

Vendor-sean-barton Sean Barton (Tortoise IT)

Product-sb_child_list SB Child List

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-39165

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 11:09

Updated-19 Sep, 2024 | 20:45

WordPress Sign-up Sheets Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.

Vendor-fetchdesigns Fetch Designs

Product-sign-up_sheets Sign-up Sheets

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2021-39198

Matching Score-4

Assigner-GitHub, Inc.

View Details

Matching Score-4

Assigner-GitHub, Inc.

CVSS Score-4.2||MEDIUM

EPSS-0.11% / 29.41%

7 Day CHG~0.00%

Published-19 Nov, 2021 | 21:30

Updated-04 Aug, 2024 | 01:58

The disqualify lead action may be executed without CSRF token check

OroCRM is an open source Client Relationship Management (CRM) application. Affected versions we found to suffer from a vulnerability which could an attacker is able to disqualify any Lead with a Cross-Site Request Forgery (CSRF) attack. There are no workarounds that address this vulnerability and all users are advised to update their package.

Vendor-oroinc oroinc

Product-client_relationship_management crm

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2025-46498

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.03% / 6.40%

7 Day CHG+0.01%

Published-24 Apr, 2025 | 16:09

Updated-29 Apr, 2025 | 13:52

WordPress Zalo Official Live Chat <= 1.0.0 - Cross Site Request Forgery (CSRF) Vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in nghialuu Zalo Official Live Chat allows Cross Site Request Forgery. This issue affects Zalo Official Live Chat: from n/a through 1.0.0.

Vendor-nghialuu

Product-Zalo Official Live Chat

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-38512

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-27 Jul, 2023 | 13:26

Updated-25 Sep, 2024 | 16:58

WordPress WpStream – Live Streaming, Video on Demand, Pay Per View Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Wpstream WpStream – Live Streaming, Video on Demand, Pay Per View plugin <= 4.5.4 versions.

Vendor-wpstream Wpstream

Product-wpstream WpStream – Live Streaming, Video on Demand, Pay Per View

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37996

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 30.96%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 09:48

Updated-19 Feb, 2025 | 21:22

WordPress GTmetrix for WordPress Plugin <= 0.4.7 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.

Vendor-gtmetrix GTmetrix

Product-gtmetrix GTmetrix for WordPress

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37387

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 12:14

Updated-27 Sep, 2024 | 12:41

WordPress Classified Listing Plugin <= 2.4.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme Classified Listing plugin <= 2.4.5 versions.

Vendor-radiustheme RadiusTheme

Product-classified_listing Classified Listing

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-38381

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.12% / 30.96%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 09:55

Updated-20 Sep, 2024 | 13:16

WordPress WP-FlyBox Plugin <= 6.46 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.

Vendor-wp-flybox_project Cyle Conoly

Product-wp-flybox WP-FlyBox

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-38396

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 10:22

Updated-20 Sep, 2024 | 19:03

WordPress Google Map Shortcode Plugin <= 3.1.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.

Vendor-Alain Gonzalez

Product-google-map-shortcode google-map-shortcode

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37392

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 18.50%

7 Day CHG~0.00%

Published-10 Jul, 2023 | 15:50

Updated-07 Oct, 2024 | 18:58

WordPress WP Dummy Content Generator Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Deepak Anand WP Dummy Content Generator plugin <= 2.3.0 versions.

Vendor-wp_dummy_content_generator_project Deepak Anand

Product-wp_dummy_content_generator WP Dummy Content Generator

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37391

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.99%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 09:45

Updated-19 Feb, 2025 | 21:28

WordPress WordPress Mobile Pack Plugin <= 3.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WPMobilePack.Com WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps plugin <= 3.4.1 versions.

Vendor-wpmobilepack WPMobilePack.com

Product-wordpress_mobile_pack WordPress Mobile Pack – Mobile Plugin for Progressive Web Apps & Hybrid Mobile Apps

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37992

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.11% / 29.40%

7 Day CHG~0.00%

Published-03 Oct, 2023 | 09:43

Updated-19 Feb, 2025 | 21:22

WordPress Smarty for WordPress Plugin <= 3.1.35 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.

Vendor-presspage PressPage Entertainment Inc.

Product-smarty_for_wordpress Smarty for WordPress

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37968

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-17 Jul, 2023 | 14:56

Updated-19 Feb, 2025 | 21:27

WordPress Falang multilanguage Plugin <= 1.3.39 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Faboba Falang multilanguage for WordPress plugin <= 1.3.39 versions.

Vendor-faboba Faboba

Product-falang Falang multilanguage for WordPress

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37973

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 12:27

Updated-26 Sep, 2024 | 15:12

WordPress Replace Word Plugin <= 2.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in David Pokorny Replace Word plugin <= 2.1 versions.

Vendor-replace_word_project David Pokorny

Product-replace_word Replace Word

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37386

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-18 Jul, 2023 | 12:06

Updated-25 Sep, 2024 | 17:02

WordPress Media Library Helper by Codexin Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Media Library Helper plugin <= 1.2.0 versions.

Vendor-codexin

Product-media_library_helper Media Library Helper

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-37974

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-17 Jul, 2023 | 15:00

Updated-30 Sep, 2024 | 14:37

WordPress WP-FB-AutoConnect Plugin <= 4.6.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Justin Klein WP Social AutoConnect plugin <= 4.6.1 versions.

Vendor-wp_social_autoconnect_project Justin Klein

Product-wp_social_autoconnect WP Social AutoConnect

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-36513

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-17 Jul, 2023 | 14:26

Updated-30 Sep, 2024 | 14:38

WordPress AutomateWoo Plugin <= 5.7.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce AutomateWoo plugin <= 5.7.5 versions.

Vendor-WooCommerce

Product-automatewoo AutomateWoo

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-36691

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.10% / 28.09%

7 Day CHG~0.00%

Published-10 Jul, 2023 | 15:43

Updated-07 Oct, 2024 | 19:14

WordPress WebwinkelKeur Plugin <= 3.24 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Albert Peschar WebwinkelKeur plugin <= 3.24 versions.

Vendor-webwinkelkeur_project Albert Peschar

Product-webwinkelkeur WebwinkelKeur

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-36687

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 13.99%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 10:01

Updated-11 Oct, 2024 | 15:05

WordPress Menubar Plugin <= 5.8.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Tarantini Menubar plugin <= 5.8.2 versions.

Vendor-dontdream Andrea Tarantini

Product-menubar Menubar

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-34373

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-19 Jun, 2023 | 12:33

Updated-18 Oct, 2024 | 14:31

WordPress Zephyr Project Manager Plugin <= 3.3.93 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Dylan James Zephyr Project Manager plugin <= 3.3.93 versions.

Vendor-zephyr_project_manager_project Dylan James

Product-zephyr_project_manager Zephyr Project Manager

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-35781

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 07:58

Updated-11 Oct, 2024 | 16:08

WordPress LWS Cleaner Plugin <= 2.3.0 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LWS Cleaner plugin <= 2.3.0 versions.

Vendor-lws LWS

Product-lws_cleaner LWS Cleaner

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-35096

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-17 Jul, 2023 | 13:35

Updated-30 Sep, 2024 | 14:40

WordPress myCred Plugin <= 2.5 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in myCred plugin <= 2.5 versions.

Vendor-mycred myCred

Product-mycred myCred

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-35038

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-17 Jul, 2023 | 13:26

Updated-07 Oct, 2024 | 15:12

WordPress WP PDF Generator Plugin <= 1.2.2 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in wpexperts.Io WP PDF Generator plugin <= 1.2.2 versions.

Vendor-wpexperts wpexperts.io

Product-wp_pdf_generator WP PDF Generator

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-35774

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 08:05

Updated-11 Oct, 2024 | 15:06

WordPress LWS Tools Plugin <= 2.4.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in LWS LWS Tools plugin <= 2.4.1 versions.

Vendor-lws LWS

Product-lws_tools LWS Tools

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-34384

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.06% / 18.50%

7 Day CHG~0.00%

Published-13 Nov, 2023 | 00:58

Updated-29 Aug, 2024 | 13:34

WordPress Kebo Twitter Feed Plugin <= 1.5.12 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Kebo Kebo Twitter Feed plugin <= 1.5.12 versions.

Vendor-kebo_twitter_feed_project Kebo

Product-kebo_twitter_feed Kebo Twitter Feed

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-3409

Matching Score-4

Assigner-Wordfence

View Details

Matching Score-4

Assigner-Wordfence

CVSS Score-5.4||MEDIUM

EPSS-0.03% / 7.82%

7 Day CHG~0.00%

Published-17 Aug, 2024 | 08:37

Updated-13 Sep, 2024 | 14:34

Bricks <= 1.8.1 - Cross-Site Request Forgery via reset_settings

The Bricks theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.1. This is due to missing or incorrect nonce validation on the 'reset_settings' function. This makes it possible for unauthenticated attackers to reset the theme's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Vendor-bricksbuilder Bricks Builder

Product-bricks Bricks

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-33316

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-28 May, 2023 | 18:01

Updated-01 Nov, 2024 | 12:59

WordPress WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in WooCommerce WooCommerce Follow-Up Emails (AutomateWoo) plugin <= 4.9.40 versions.

Vendor-WooCommerce

Product-automatewoo WooCommerce Follow-Up Emails (AutomateWoo)

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-33214

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 16.46%

7 Day CHG~0.00%

Published-18 Dec, 2023 | 15:48

Updated-28 Aug, 2024 | 14:04

WordPress Taggbox Plugin <= 3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Tagbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics.This issue affects Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics: from n/a through 3.1.

Vendor-taggbox Tagbox

Product-taggbox Tagbox – UGC Galleries, Social Media Widgets, User Reviews & Analytics

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-33314

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-28 May, 2023 | 17:29

Updated-08 Nov, 2024 | 18:30

WordPress BEAR Plugin <= 1.1.3.1 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in realmag777 BEAR plugin <= 1.1.3.1 versions.

Vendor-PluginUs.Net (RealMag777)

Product-bear_-_woocommerce_bulk_editor_and_products_manager_professional BEAR

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-34015

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%

7 Day CHG~0.00%

Published-11 Jul, 2023 | 08:36

Updated-11 Oct, 2024 | 15:05

WordPress Advanced Flat rate shipping Woocommerce Plugin <= 1.6.4.4 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin <= 1.6.4.4 versions.

Vendor-piwebsolution PI Websolution

Product-advanced-free-flat-shipping-woocommerce Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping

CWE ID-CWE-352

Cross-Site Request Forgery (CSRF)

CVE-2023-33315

Matching Score-4

Assigner-Patchstack

View Details

Matching Score-4

Assigner-Patchstack

CVSS Score-5.4||MEDIUM

EPSS-0.05% / 15.37%