CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-50873 – WordPress Add Any Extension to Pages Plugin <= 1.4 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-50873
22 Dec 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Add Any Extension to Pages.This issue affects Add Any Extension to Pages: from n/a through 1.4. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en Marios Alexandrou Add Any Extension to Pages. Este problema afecta a Add Any Extension to Pages: desde n/a hasta 1.4. The Add Any Extension to Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect... • https://patchstack.com/database/vulnerability/add-any-extension-to-pages/wordpress-add-any-extension-to-pages-plugin-1-4-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28618 – WordPress Enhanced Plugin Admin Plugin <= 1.16 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-28618
21 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Marios Alexandrou Enhanced Plugin Admin plugin <= 1.16 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento Marios Alexandrou Enhanced Plugin Admin en versiones <= 1.16. The Enhanced Plugin Admin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.16. This is due to missing or incorrect nonce validation on the epa_options_page function. This makes it possible for unauthenticated ... • https://patchstack.com/database/vulnerability/enhanced-plugin-admin/wordpress-enhanced-plugin-admin-plugin-1-16-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-13641 – Real-Time Find and Replace <= 3.9 - Cross-Site Request Forgery to Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2020-13641
27 Apr 2020 — An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The far_options_page function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript, allowing for that be executed later in the victims browser. Se detectó un problema en el plugin Real-Time Find and Replace versiones anteriores a 4.0.2 para WordPress. La función far_options_page no realizó ninguna ve... • https://wordpress.org/plugins/real-time-find-and-replace/#developers • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2020-35135 – Ultimate Category Excluder <= 1.1 - Cross-Site Request Forgery
https://notcve.org/view.php?id=CVE-2020-35135
08 Jan 2020 — The ultimate-category-excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. El plugin ultimate-category-excluder versiones anteriores a 1.2 para WordPress, permite un ataque de tipo CSRF en el archivo ultimate-category-excluder.php The Ultimate Category Excluder plugin before 1.2 for WordPress allows ultimate-category-excluder.php CSRF. • https://advisory.checkmarx.net/advisory/CX-2020-4294 • CWE-352: Cross-Site Request Forgery (CSRF) •