CVE-2023-39989: WordPress Header Footer Code Manager plugin <= 1.1.34 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.

CVE-2023-39917: WordPress Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.

CVE-2023-39165: WordPress Sign-up Sheets plugin <= 2.2.8 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.

CVE-2023-25989: WordPress Meks Video Importer plugin <= 1.0.10 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget, Meks Smart Social Widget plugins leading to dismiss or the popup.

CVE-2023-2830: WordPress WP Testimonials plugin <= 1.4.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.

CVE-2023-40210: WordPress SB Child List plugin <= 4.5 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.

CVE-2023-5351: SuiteCRM 7.14.1 Release · salesagility/SuiteCRM@c43eaa3

Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.

CVE-2023-4097: Multiple Vulnerabilities Idm Sistemas Qsige | INCIBE-CERT

The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.