Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-47553: WordPress UserHeat Plugin plugin <= 1.1.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in User Local Inc UserHeat Plugin.This issue affects UserHeat Plugin: from n/a through 1.1.6.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-47672: WordPress WP Category Post List Widget plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3.

CVE-2023-47671: WordPress Vertical scroll recent post plugin <= 14.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0.

CVE-2023-47667: WordPress WP Full Stripe Free plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 1.6.1.

CVE-2023-47664: WordPress Plainview Protect Passwords plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4.

CVE-2023-47666: WordPress Code Snippets plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.

CVE-2023-47685: WordPress Preloader Matrix plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.

CVE-2023-47670: WordPress Korea SNS plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3.

CVE-2023-6187: Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload — Wordfence Intelligence

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.

CVE-2023-4214: AppPresser <= 4.2.5 - Insecure Password Reset Mechanism — Wordfence Intelligence

The AppPresser plugin for WordPress is vulnerable to unauthorized password resets in versions up to, and including 4.2.5. This is due to the plugin generating too weak a reset code, and the code used to reset the password has no attempt or time limit.