| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Cross-Site Request Forgery (CSRF) vulnerability in Igor Yavych Simple Rating simple-rating allows Stored XSS.This issue affects Simple Rating: from n/a through <= 1.4. |
| Cross-Site Request Forgery (CSRF) vulnerability in usermaven Usermaven usermaven allows Cross Site Request Forgery.This issue affects Usermaven: from n/a through <= 1.2.1. |
| The EZ SQL Reports Shortcode Widget and DB Backup plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 4.11.13 to 5.25.08. This is due to missing or incorrect nonce validation on the 'ELISQLREPORTS_menu' function. This makes it possible for unauthenticated attackers to execute code on the server via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. Version 5.25.10 adds a nonce check, which makes this vulnerability exploitable by admins only. |
| Cross-Site Request Forgery (CSRF) vulnerability in Slickstream Slickstream slick-engagement allows Cross Site Request Forgery.This issue affects Slickstream: from n/a through <= 2.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in Rick Beckman OpenHook thesis-openhook allows Cross Site Request Forgery.This issue affects OpenHook: from n/a through <= 4.3.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Hakik Zaman Custom Login Logo ideal-wp-login-logo-changer allows Cross Site Request Forgery.This issue affects Custom Login Logo: from n/a through <= 1.1.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in hoyce Universal Analytics Injector universal-analytics-injector allows Stored XSS.This issue affects Universal Analytics Injector: from n/a through <= 1.0.3. |
| Cross-Site Request Forgery (CSRF) vulnerability in POEditor POEditor poeditor allows Path Traversal.This issue affects POEditor: from n/a through <= 0.9.10. |
| Cross-Site Request Forgery (CSRF) vulnerability in Creative Motion Clearfy Cache.This issue affects Clearfy Cache: from n/a through 2.2.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in FameThemes FameTheme Demo Importer.This issue affects FameTheme Demo Importer: from n/a through 1.1.5. |
| Cross-Site Request Forgery (CSRF) vulnerability in Burst Statistics B.V. Burst Statistics burst-statistics allows Cross Site Request Forgery.This issue affects Burst Statistics: from n/a through <= 2.0.6. |
| Path Traversal: '.../...//' vulnerability in corporatezen222 Contact Page With Google Map contact-page-with-google-map allows Path Traversal.This issue affects Contact Page With Google Map: from n/a through <= 1.6.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in samcharrington RSS Digest rss-digest allows Stored XSS.This issue affects RSS Digest: from n/a through <= 1.5. |
| The Reuters Direct plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the the 'class-reuters-direct-settings.php' page. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Mathieu Chartier WP-Planification wp-planification allows Stored XSS.This issue affects WP-Planification: from n/a through <= 2.3.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in richtexteditor Rich Text Editor richtexteditor allows Stored XSS.This issue affects Rich Text Editor: from n/a through <= 1.0.1. |
| The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete messages via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. |
| Cross-Site Request Forgery (CSRF) vulnerability in Kathleen Malone Find Your Reps find-your-reps allows Stored XSS.This issue affects Find Your Reps: from n/a through <= 1.2. |
| Cross-Site Request Forgery (CSRF) vulnerability in Tim W Loco Translate loco-translate allows Cross Site Request Forgery.This issue affects Loco Translate: from n/a through <= 2.6.9. |
| A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a privileged user, authenticated with basic authentication. |
