The Email Keep WordPress plugin through 1.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
The wp-cart-for-digital-products WordPress plugin before 8.5.5 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
The Joy Of Text Lite WordPress plugin through 2.3.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF a
The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
The Free Booking Plugin for Hotels, Restaurants and Car Rentals WordPress plugin before 1.3.15 does not have CSRF check in place when updating its settings, which could allow attackers to make a logg
The wp-eMember WordPress plugin before 10.6.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks
The WP MultiTasking WordPress plugin through 0.1.12 does not have CSRF check when updating its permalink suffix settings, which could allow attackers to make logged admins perform such action via a C
The Ultimate Noindex Nofollow Tool WordPress plugin through 1.1.2 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a
The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settin
The Court Reservation WordPress plugin before 1.10.9 does not have CSRF check in place when deleting events, which could allow attackers to make a logged in admin delete them via a CSRF attack
The File Provider WordPress plugin through 1.2.3 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
The Altra Side Menu WordPress plugin through 2.0 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary menu via a CSRF attack
The WP Finance WordPress plugin through 1.3.6 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored X
The AZIndex WordPress plugin through 0.8.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin delete arbitrary indexes via a CSRF attack
The GTPayment Donations WordPress plugin through 1.0.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add
The WP eCommerce WordPress plugin through 3.15.1 does not have CSRF check in place when deleting coupons, which could allow attackers to make a logged in admin remove them via a CSRF attack
The XV Random Quotes WordPress plugin through 1.40 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin reset them via a CSRF attack
The AZIndex WordPress plugin through 0.8.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS
The Cost Calculator Builder WordPress plugin before 3.2.43 does not have CSRF checks in some AJAX actions, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks