Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-45641: WordPress Caret Country Access Limit plugin <= 1.0.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Caret Inc. Caret Country Access Limit plugin <= 1.0.2 versions.

CVE
#csrf#vulnerability#wordpress#auth
CVE-2023-45653: WordPress Video Playlist For YouTube plugin <= 6.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Galaxy Weblinks Video Playlist For YouTube plugin <= 6.0 versions.

CVE-2023-45651: WordPress WP Attachments plugin <= 5.0.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Marco Milesi WP Attachments plugin <= 5.0.6 versions.

CVE-2023-4620

The Booking Calendar WordPress plugin before 9.7.3.1 does not sanitize and escape some of its booking from data, allowing unauthenticated users to perform Stored Cross-Site Scripting attacks against administrators

CVE-2023-4827

The File Manager Pro WordPress plugin before 1.8 does not properly check the CSRF nonce in the `fs_connector` AJAX action. This allows attackers to make highly privileged users perform unwanted file system actions via CSRF attacks by using GET requests, such as uploading a web shell.

CVE-2023-45656: WordPress Lazy Load for Videos plugin <= 2.18.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Kevin Weber Lazy Load for Videos plugin <= 2.18.2 versions.

CVE-2023-45654: WordPress Comments Ratings plugin <= 1.1.7 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Pixelgrade Comments Ratings plugin <= 1.1.7 versions.

CVE-2023-45650: WordPress HTML5 Maps plugin <= 1.7.1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Fla-shop.Com HTML5 Maps plugin <= 1.7.1.4 versions.

CVE-2023-45629: WordPress Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 - Multiple Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in wpdevart Gallery – Image and Video Gallery with Thumbnails plugin <= 2.0.3 versions.

CVE-2023-45605: WordPress Feed Statistics plugin <= 4.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Christopher Finke Feed Statistics plugin <= 4.1 versions.