Total
7225 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-10109 | 1 Cincopa | 1 Video And Media Plug-in | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in Video Playlist and Gallery Plugin up to 1.136 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the file wp-media-cincopa.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.137 is able to address this issue. The name of the patch is ee28e91f4d5404905204c43b7b84a8ffecad932e. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230264. | |||||
| CVE-2015-10081 | 1 Submitbymailplugin Project | 1 Submitbymailplugin | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in arnoldle submitByMailPlugin 1.0b2.9 and classified as problematic. This issue affects some unknown processing of the file edit_list.php. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. Upgrading to version 1.0b2.9a is able to address this issue. The patch is named a739f680a1623d22f52ff1371e86ca472e63756f. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-221495. | |||||
| CVE-2015-10125 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic has been found in WP Ultimate CSV Importer Plugin 3.7.2 on WordPress. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.7.3 is able to address this issue. The identifier of the patch is 13c30af721d3f989caac72dd0f56cf0dc40fad7e. It is recommended to upgrade the affected component. The identifier VDB-241317 was assigned to this vulnerability. | |||||
| CVE-2015-10116 | 1 Realfavicongenerator | 1 Favicon By Realfavicongenerator | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic has been found in RealFaviconGenerator Favicon Plugin up to 1.2.12 on WordPress. This affects the function install_new_favicon of the file admin/class-favicon-by-realfavicongenerator-admin.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 1.2.13 is able to address this issue. The identifier of the patch is 949a1ae7216216350458844f50a72f100b56d4e7. It is recommended to upgrade the affected component. The identifier VDB-230661 was assigned to this vulnerability. | |||||
| CVE-2014-125028 | 1 Valtech | 1 Idp Test Clients | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. | |||||
| CVE-2013-10027 | 1 Wordpress | 1 Blogger Importer | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in Blogger Importer Plugin up to 0.5 on WordPress. It has been classified as problematic. Affected is the function start/restart of the file blogger-importer.php. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 0.6 is able to address this issue. The patch is identified as b83fa4f862b0f19a54cfee76060ec9c2e7f7ca70. It is recommended to upgrade the affected component. VDB-230658 is the identifier assigned to this vulnerability. | |||||
| CVE-2013-10025 | 1 Exit Strategy Project | 1 Exit Strategy | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in Exit Strategy Plugin 1.55 on WordPress and classified as problematic. Affected by this issue is the function exitpageadmin of the file exitpage.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Upgrading to version 1.59 is able to address this issue. The patch is identified as d964b8e961b2634158719f3328f16eda16ce93ac. It is recommended to upgrade the affected component. VDB-225266 is the identifier assigned to this vulnerability. | |||||
| CVE-2013-10029 | 1 Angrybte | 1 Wordpress Exit Box Lite | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability classified as problematic was found in Exit Box Lite Plugin up to 1.06 on WordPress. Affected by this vulnerability is the function exitboxadmin of the file wordpress-exit-box-lite.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. Upgrading to version 1.10 is able to address this issue. The patch is named fad26701addb862c51baf85c6e3cc136aa79c309. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-230671. | |||||
| CVE-2012-10012 | 1 Bestwebsoft | 1 Facebook Button | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability has been found in BestWebSoft Facebook Like Button up to 2.13 and classified as problematic. Affected by this vulnerability is the function fcbk_bttn_plgn_settings_page of the file facebook-button-plugin.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The patch is named 33144ae5a45ed07efe7fceca901d91365fdbf7cb. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-225355. | |||||
| CVE-2012-10010 | 1 Bestwebsoft | 1 Contact Form | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in BestWebSoft Contact Form 3.21. It has been classified as problematic. This affects the function cntctfrm_settings_page of the file contact_form.php. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 3.22 is able to address this issue. The identifier of the patch is 8398d96ff0fe45ec9267d7259961c2ef89ed8005. It is recommended to upgrade the affected component. The identifier VDB-225321 was assigned to this vulnerability. | |||||
| CVE-2012-10015 | 1 Bestwebsoft | 1 Twitter | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in BestWebSoft Twitter Plugin up to 2.14 on WordPress. It has been classified as problematic. Affected is the function twttr_settings_page of the file twitter.php of the component Settings Page. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. Upgrading to version 2.15 is able to address this issue. The patch is identified as a6d4659cbb2cbf18ccb0fb43549d5113d74e0146. It is recommended to upgrade the affected component. VDB-230154 is the identifier assigned to this vulnerability. | |||||
| CVE-2012-10017 | 1 Bestwebsoft | 1 Portfolio | 2024-05-17 | N/A | 8.8 HIGH |
| A vulnerability was found in BestWebSoft Portfolio Plugin up to 2.04 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Upgrading to version 2.06 is able to address this issue. The patch is named 68af950330c3202a706f0ae9bbb52ceaa17dda9d. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-248955. | |||||
| CVE-2023-6022 | 1 Prefect | 1 Prefect | 2024-05-15 | N/A | 8.8 HIGH |
| Cross-Site Request Forgery (CSRF) in GitHub repository prefecthq/prefect prior to 2.16.5. | |||||
| CVE-2024-34816 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Revmakx WPCal.Io – Easy Meeting Scheduler.This issue affects WPCal.Io – Easy Meeting Scheduler: from n/a through 0.9.5.8. | |||||
| CVE-2024-34817 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms.This issue affects Integration for Pipedrive and Contact Form 7, WPForms, Elementor, Ninja Forms: from n/a through 1.2.0. | |||||
| CVE-2024-34427 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Huseyin Berberoglu WP Favorite Posts.This issue affects WP Favorite Posts: from n/a through 1.6.8. | |||||
| CVE-2024-34828 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Andy Moyle Church Admin.This issue affects Church Admin: from n/a through 4.1.32. | |||||
| CVE-2024-34818 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in WebinarPress.This issue affects WebinarPress: from n/a through 1.33.17. | |||||
| CVE-2024-34557 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.5.4. | |||||
| CVE-2024-34827 | 2024-05-14 | N/A | N/A | ||
| Cross-Site Request Forgery (CSRF) vulnerability in Cozmoslabs, Razvan Mocanu, Madalin Ungureanu, Cristophor Hurduban TranslatePress.This issue affects TranslatePress: from n/a through 2.7.5. | |||||