bloofoxCMS 0.5.2.1 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions by tricking logged-in users into visiting malicious pages. Attackers can
The ShopEngine Elementor WooCommerce Builder Addon plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.5. This is due to missing nonce validation
The Stop Spammers Classic plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2026.1. This is due to missing nonce validation in the ss_addtoallowlis
The EleForms – All In One Form Integration including DB for Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.9.9.9. This is due to mis
UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted PO
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update
The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_r
The Shield Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 21.0.8. This is due to the plugin allowing nonce verification to be bypassed
The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note functi
Cross-Site Request Forgery (CSRF) vulnerability in Creativthemes Point allows Cross Site Request Forgery.This issue affects Point: from n/a through 1.1.
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func_
The Web Accessibility By accessiBe plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.10. This is due to missing nonce validation on multiple AJAX
The Link Shield plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.4. This is due to missing or incorrect nonce validation on the link_shield_me
The Webcamconsult plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.0. This is due to missing or incorrect nonce validation on a function. This
The Transporters.io plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.1. This is due to missing nonce validation on a function. This makes it p
Cross-Site Request Forgery (CSRF) vulnerability in Helmut Wandl Advanced Settings advanced-settings allows Cross Site Request Forgery.This issue affects Advanced Settings: from n/a through <= 3.0.1.
Some endpoints in vulnerability-lookup that modified
application state (e.g. changing database entries, user data,
configurations, or other privileged actions) may have been accessible
via HTTP GET
The Short URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.8. This is due to missing or incorrect nonce validation on the configuration_page f
Precurio Intranet Portal 4.4 contains a cross-site request forgery vulnerability that allows attackers to induce authenticated users to submit crafted requests to a profile update endpoint handling fi
The Auto Post Scheduler plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.84. This is due to missing nonce validation on the 'aps_options_page' f
← Previous Page 5