Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

creativemotion

Source -

CNA

BOS Name -

N/A

CNA CVEs -

3

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

0
Related CVEsRelated ProductsRelated AssignersReports
3Vulnerabilities found
CVE-2024-13338
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.00%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 06:37
Updated-08 Jul, 2025 | 18:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webcraftic Clearfy – WordPress optimization plugin <= 2.3.1 - Cross-Site Request Forgery to Clear Cache

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.1. This is due to missing or incorrect nonce validation on the wclearfy_cache_delete functionality . This makes it possible for unauthenticated attackers to clear the cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-cm-wpcreativemotion
Product-clearfyClearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-13337
Assigner-Wordfence
ShareView Details
Assigner-Wordfence
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.95%
||
7 Day CHG~0.00%
Published-12 Apr, 2025 | 06:37
Updated-08 Jul, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Webcraftic Clearfy – WordPress optimization plugin <= 2.3.2 - Cross-Site Request Forgery to Plugin Settings Update via 'setup-wbcr_clearfy'

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcr_clearfy' page. This makes it possible for unauthenticated attackers to update the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

Action-Not Available
Vendor-cm-wpcreativemotion
Product-clearfyClearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2024-43215
Assigner-Patchstack
ShareView Details
Assigner-Patchstack
CVSS Score-4.3||MEDIUM
EPSS-0.11% / 30.11%
||
7 Day CHG+0.02%
Published-01 Nov, 2024 | 14:17
Updated-01 Nov, 2024 | 20:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Social Slider Feed plugin <= 2.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in creativemotion Social Slider Feed allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Social Slider Feed: from n/a through 2.2.2.

Action-Not Available
Vendor-creativemotion
Product-Social Slider Feed
CWE ID-CWE-862
Missing Authorization