Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-4342: Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass — Wordfence Intelligence

Over 70 plugins and themes were vulnerable to Cross-Site Request Forgery due to improperly implemented nonce protection that could be bypassed.

CVE
Open in Source
#vulnerability#google#wordpress#intel#perl#auth

Showing 1-20 of 68 affected software packages

Search affected software packages

Software Type

Plugin

Software Slug

wd-google-analytics (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 1.2.9, or a newer patched version

Affected Version

  • < 1.2.9

Patched Version

  • 1.2.9

Software Type

Plugin

Software Slug

woocommerce-abandoned-cart (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 5.8.6, or a newer patched version

Affected Version

  • <= 5.8.5

Patched Version

  • 5.8.6

Software Type

Plugin

Software Slug

woo-abandoned-cart-recovery (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 1.0.4.1, or a newer patched version

Affected Version

  • <= 1.0.4

Patched Version

  • 1.0.4.1

Software Type

Plugin

Software Slug

absolute-reviews (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 1.0.9, or a newer patched version

Affected Version

  • <= 1.0.8

Patched Version

  • 1.0.9

Software Type

Plugin

Software Slug

advanced-popups (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 1.1.2, or a newer patched version

Affected Version

  • <= 1.1.1

Patched Version

  • 1.1.2

Software Type

Plugin

Software Slug

amministrazione-trasparente (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 7.1.1, or a newer patched version

Affected Version

  • <= 7.1

Patched Version

  • 7.1.1

Software Type

Plugin

Software Slug

better-search (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.5.3, or a newer patched version

Affected Version

  • <= 2.5.2

Patched Version

  • 2.5.3

Software Type

Plugin

Software Slug

nifty-coming-soon-and-under-construction-page (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 1.58, or a newer patched version

Affected Version

  • <= 1.57

Patched Version

  • 1.58

Software Type

Plugin

Software Slug

contact-form-7-style (view on wordpress.org)

Patched?

No

Remediation

No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Affected Version

  • <= 3.2

Software Type

Plugin

Software Slug

cool-timeline (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.0.3, or a newer patched version

Affected Version

  • < 2.0.3

Patched Version

  • 2.0.3

Software Type

Plugin

Software Slug

coupon-creator (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 3.1.1, or a newer patched version

Affected Version

  • < 3.1.1

Patched Version

  • 3.1.1

Software Type

Plugin

Software Slug

custom-banners (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 3.3, or a newer patched version

Affected Version

  • <= 3.2.2

Patched Version

  • 3.3

Software Type

Plugin

Software Slug

custom-css (view on wordpress.org)

Patched?

No

Remediation

No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Affected Version

  • <= 2.0.7

Software Type

Plugin

Software Slug

custom-field-template (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.5.2, or a newer patched version

Affected Version

  • < 2.5.2

Patched Version

  • 2.5.2

Software Type

Theme

Software Slug

customizr (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 4.3.1, or a newer patched version

Affected Version

  • <= 4.3.0

Patched Version

  • 4.3.1

Software Type

Plugin

Software Slug

defender-security (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.4.6.1, or a newer patched version

Affected Version

  • <= 2.4.6

Patched Version

  • 2.4.6.1

Software Type

Plugin

Software Slug

dokan-lite (view on wordpress.org)

Patched?

Yes

Remediation

Update to one of the following versions, or a newer patched version: 3.0.9, 3.2.1

Affected Version

  • < 3.0.9

Patched Versions

  • 3.0.9
  • 3.2.1

Software Type

Plugin

Software Slug

dw-question-answer (view on wordpress.org)

Patched?

No

Remediation

No known patch available. Please review the vulnerability’s details in depth and employ mitigations based on your organization’s risk tolerance. It may be best to uninstall the affected software and find a replacement.

Affected Version

  • <= 1.5.7

Software Type

Plugin

Software Slug

easy-testimonials (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 3.7, or a newer patched version

Affected Version

  • < 3.7

Patched Version

  • 3.7

Software Type

Plugin

Software Slug

ecommerce-product-catalog (view on wordpress.org)

Patched?

Yes

Remediation

Update to version 2.9.44, or a newer patched version

Affected Version

  • < 2.9.44

Patched Version

  • 2.9.44

  • 1

  • 2

  • 3

  • 4

  • »

This record contains material that is subject to copyright.

Copyright 2012-2023 Defiant Inc.

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant’s copyright designation and this license in any such copy. Read more.

Copyright 1999-2023 The MITRE Corporation

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE’s copyright designation and this license in any such copy. Read more.

Have information to add, or spot any errors? Contact us at [email protected] so we can make any appropriate adjustments.

All the threat data shared in this database is powered by Wordfence Intelligence Enterprise.
Interested in integrating this data into your platform or network?
Contact us now to discuss API access to our Wordfence Intelligence Enterprise Data Feeds.

Inquire Now

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE