Cross-Site Request Forgery (CSRF) vulnerability in David Stöckl Custom Header Images plugin <= 1.2.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Dang Ngoc Binh Easy Call Now by ThikShare plugin <= 1.1.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Peter Sterling Add Local Avatar.This issue affects Add Local Avatar: from n/a through 12.1.
Cross-Site Request Forgery (CSRF) vulnerability in Djo Original texts Yandex WebMaster plugin <= 1.18 versions.
Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4.
Missing Authorization, Cross-Site Request Forgery (CSRF) vulnerability in AWeber AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth allows Accessing Functionality Not Properly Constrained by ACLs, Cross-Site Request Forgery.This issue affects AWeber – Free Sign Up Form and Landing Page Builder Plugin for Lead Generation and Email Newsletter Growth: from n/a through 7.3.9.
Cross-Site Request Forgery (CSRF) vulnerability in Infinite Uploads Big File Uploads – Increase Maximum File Upload Size plugin <= 2.1.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Serena Villa Auto Excerpt everywhere plugin <= 1.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.
Cross-Site Request Forgery (CSRF) vulnerability in Simple Calendar – Google Calendar Plugin <= 3.2.5 versions.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /variable/update.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/label/delete.
Cross-Site Request Forgery (CSRF) vulnerability in Fluenx DeepL API translation plugin <= 2.3.9.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Lasso Simple URLs plugin <= 120 versions.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/user/add.
Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions.
Cross-Site Request Forgery (CSRF) vulnerability in AdFoxly AdFoxly – Ad Manager, AdSense Ads & Ads.Txt.This issue affects AdFoxly – Ad Manager, AdSense Ads & Ads.Txt: from n/a through 1.8.5.
Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole Smooth Scroll Links [SSL] plugin <= 1.1.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Anurag Deshmukh CPT Shortcode Generator plugin <= 1.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Gilles Dumas which template file plugin <= 4.6.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Mat Bao Corp WP Helper Premium plugin <= 4.5.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in automatededitor.Com Automated Editor plugin <= 1.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WebAppick Challan webappick-pdf-invoice-for-woocommerce allows Privilege Escalation.This issue affects Challan: from n/a through <= 3.7.58.
Cross-Site Request Forgery (CSRF) vulnerability in MailMunch Constant Contact Forms by MailMunch plugin <= 2.0.10 versions.
Cross-Site Request Forgery (CSRF) vulnerability in WebDorado WDSocialWidgets plugin <= 1.0.15 versions.
Cross-Site Request Forgery (CSRF) vulnerability in realmag777 WOLF – WordPress Posts Bulk Editor and Manager Professional plugin <= 1.0.7.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Codex-m Sort SearchResult By Title plugin <= 10.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Hitsteps Hitsteps Web Analytics plugin <= 5.86 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PixelGrade PixFields plugin <= 0.7.0 versions.
Cross-Site Request Forgery (CSRF) vulnerability in SendPulse SendPulse Free Web Push plugin <= 1.3.1 versions.
The Style Kits plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.0. This is due to missing or incorrect nonce validation on the update_posts_stylekit() function. This makes it possible for unauthenticated attackers to update style kits for posts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/variable/add.
Cross-Site Request Forgery (CSRF) vulnerability in AWESOME TOGI Product Category Tree plugin <= 2.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Qwerty23 Rocket Font plugin <= 1.2.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Bala Krishna, Sergey Yakovlev Category SEO Meta Tags plugin <= 2.5 versions.
Cross-Site Request Forgery (CSRF) vulnerability in euPago Eupago Gateway For Woocommerce plugin <= 3.1.9 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Novo-media Novo-Map : your WP posts on custom google maps plugin <= 1.1.2 versions.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin\/category\/add.
Cross-Site Request Forgery (CSRF) vulnerability in Scientech It Solution Appointment Calendar plugin <= 2.9.6 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Mahlamusa Who Hit The Page – Hit Counter plugin <= 1.4.14.3 versions.
Cross-Site Request Forgery (CSRF) vulnerability in PINPOINT.WORLD Pinpoint Booking System plugin <= 2.9.9.4.0 versions.
Dreamer CMS v4.1.3 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/attachment/delete.
Cross-Site Request Forgery (CSRF) vulnerability in Pixelative, Mohsin Rafique AMP WP – Google AMP For WordPress plugin <= 1.5.15 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Niels van Renselaar Open Graph Metabox plugin <= 1.4.4 versions.
ZenTao Biz version 4.1.3 and before is vulnerable to Cross Site Request Forgery (CSRF).
Cross-Site Request Forgery (CSRF) vulnerability in Wpmet Wp Ultimate Review plugin <= 2.2.4 versions.
Cross-Site Request Forgery (CSRF) vulnerability in Matt McKenny Stout Google Calendar plugin <= 1.2.3 versions.