Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-40008: WordPress Simple Org Chart plugin <= 2.3.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Gangesh Matta Simple Org Chart plugin <= 2.3.4 versions.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-4469: Profile Extra Fields by BestWebSoft <= 1.2.7 - Missing Authorization to Sensitive Information Exposure — Wordfence Intelligence

The Profile Extra Fields by BestWebSoft plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the prflxtrflds_export_file function in versions up to, and including, 1.2.7. This makes it possible for unauthenticated attackers to expose potentially sensitive user data, including data entered into custom fields.

CVE-2015-10126

A vulnerability classified as critical was found in Easy2Map Photos Plugin 1.0.1 on WordPress. This vulnerability affects unknown code. The manipulation leads to sql injection. The attack can be initiated remotely. Upgrading to version 1.1.0 is able to address this issue. The patch is identified as 503d9ee2482d27c065f78d9546f076a406189908. It is recommended to upgrade the affected component. VDB-241318 is the identifier assigned to this vulnerability.

CVE-2023-40556: WordPress Schedule Posts Calendar plugin <= 5.2 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Greg Ross Schedule Posts Calendar plugin <= 5.2 versions.

CVE-2015-10125: Release 3.7.3: Trivial change · wp-plugins/wp-ultimate-csv-importer

A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability.

CVE-2023-40559: WordPress Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Dynamic Pricing and Discount Rules for WooCommerce plugin <= 2.4.0 versions.

CVE-2023-40561: WordPress Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Enhanced Ecommerce Google Analytics for WooCommerce plugin <= 3.7.1 versions.

CVE-2023-27433: WordPress Make Paths Relative plugin <= 1.3.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in YAS Global Team Make Paths Relative plugin <= 1.3.0 versions.

CVE-2023-37995: WordPress WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Chetan Gole WP-CopyProtect [Protect your blog posts] plugin <= 3.1.0 versions.

CVE-2023-25980: WordPress Optimize Database after Deleting Revisions plugin <= 5.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in CAGE Web Design | Rolf van Gelder Optimize Database after Deleting Revisions plugin <= 5.1 versions.