CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-32096 – WordPress WP Synchro plugin <= 1.11.2 - Cross Site Request Forgery (CSRF) vulnerability
https://notcve.org/view.php?id=CVE-2024-32096
11 Apr 2024 — Cross-Site Request Forgery (CSRF) vulnerability in DAEV.Tech WP Migration Plugin DB & Files – WP Synchro.This issue affects WP Migration Plugin DB & Files – WP Synchro: from n/a through 1.11.2. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en DAEV.Tech WP Migration Plugin DB & Files – WP Synchro. Este problema afecta a WP Migration Plugin DB & Files – WP Synchro: desde n/a hasta 1.11.2. The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request For... • https://patchstack.com/database/vulnerability/wpsynchro/wordpress-wp-synchro-plugin-1-11-2-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-41660 – WordPress WP Migration Plugin DB & Files – WP Synchro Plugin <= 1.9.1 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-41660
01 Sep 2023 — Cross-Site Request Forgery (CSRF) vulnerability in WPSynchro WP Synchro plugin <= 1.9.1 versions. Vulnerabilidad de Cross-Site Request Forgery (CSRF) en el complemento WPSynchro WP Synchro en versiones <= 1.9.1. The WP Migration Plugin DB & Files – WP Synchro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.1. This is due to missing nonce validation on several render() functions. This makes it possible for unauthenticated attackers to modify the plugi... • https://patchstack.com/database/vulnerability/wpsynchro/wordpress-wordpress-migration-plugin-db-files-wp-synchro-plugin-1-9-1-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •