CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-4312 – Soccer Engine – Soccer Plugin for WordPress <= 1.12 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2024-4312
07 May 2024 — The Soccer Engine – Soccer Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12. This is due to missing or incorrect nonce validation when saving match and team settings. This makes it possible for unauthenticated attackers to change plugin settings as well as teams, players, etc. via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. El complemento Soccer Engine – Socc... • https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3081944%40soccer-engine-lite%2Ftrunk&old=3066918%40soccer-engine-lite%2Ftrunk • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-48334 – WordPress League Table Plugin <= 1.13 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-48334
23 Nov 2023 — Cross-Site Request Forgery (CSRF) vulnerability in DAEXT League Table allows Cross Site Request Forgery.This issue affects League Table: from n/a through 1.13. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en DAEXT League Table permite Cross Site Request Forgery. Este problema afecta a League Table: desde n/a hasta 1.13. The League Table plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13. This is due to missing or incorrect nonce validation in the v... • https://patchstack.com/database/vulnerability/league-table-lite/wordpress-league-table-plugin-1-13-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46625 – WordPress Autolinks Manager Plugin <= 1.10.04 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-46625
25 Oct 2023 — Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Autolinks Manager plugin <= 1.10.04 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento DAEXT Autolinks Manager en versiones <= 1.10.04. The Autolinks Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.04. This is due to missing or incorrect nonce validation in autolinks.php, categories.php, and term_groups.php. This makes it possible for unauthenticated attack... • https://patchstack.com/database/vulnerability/daext-autolinks-manager/wordpress-autolinks-manager-plugin-1-10-04-multiple-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41669 – WordPress Live News Plugin <= 1.06 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41669
04 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in DAEXT Live News plugin <= 1.06 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento DAEXT Live News en versiones <= 1.06. The Live News plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.06. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to modify the plugin's settings via a forged request granted t... • https://patchstack.com/database/vulnerability/live-news-lite/wordpress-live-news-plugin-1-06-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •