CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

08 Feb 2023 — The ColorWay Theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.2.3. • https://patchstack.com/database/vulnerability/colorway/wordpress-colorway-theme-4-2-3-csrf-leading-to-arbitrary-plugin-activation? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

07 Feb 2023 — The Slider by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.6. • https://patchstack.com/database/vulnerability/slider-by-supsystic/wordpress-slider-by-supsystic-plugin-1-8-4-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in WebToffee WordPress Comments Import & Export. This issue affects WordPress Comments Import & Export: from n/a through 2.3.1. The WordPress Comments Import & Export plugin for Wo... • https://patchstack.com/database/vulnerability/comments-import-export-woocommerce/wordpress-wordpress-comments-import-export-plugin-2-3-1-csv-injection? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2023 — Improper Neutralization of Formula Elements in a CSV File vulnerability in Icegram Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce. This issue affects Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce: from n/a through 5.5.2. • https://patchstack.com/database/vulnerability/email-subscribers/wordpress-icegram-express-email-subscribers-newsletters-and-marketing-automation-plugin-plugin-5-5-2-csv-injection? • CWE-1236: Improper Neutralization of Formula Elements in a CSV File •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

06 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Mercado Pago Mercado Pago payments for WooCommerce plugin <= 6.3.1. The Mercado Pago payments for WooCommerce plugin is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.6.0. This is due to missing or incorrect nonce validation on multiple functions. This makes it possible for unauthenticated attackers to trick other users or visitors into creating or processing payments via a forged request. Cross-Site Request Forgery (CSRF) ... • https://patchstack.com/database/vulnerability/woocommerce-mercadopago/wordpress-mercado-pago-payments-for-woocommerce-plugin-6-3-1-cross-site-request-forgery-csrf-vulnerability-2?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 1

06 Feb 2023 — The 0mk Shortener plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.2. • https://plugins.trac.wordpress.org/browser/0mk-shortener/trunk/0mk.php#L28 • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

03 Feb 2023 — The Auto YouTube Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. • https://patchstack.com/database/vulnerability/auto-youtube-importer/wordpress-auto-youtube-importer-plugin-1-0-3-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Feb 2023 — The Multi Rating plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.0.5. • https://patchstack.com/database/vulnerability/multi-rating/wordpress-multi-rating-plugin-5-0-5-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Feb 2023 — The PHP Execution plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.0. • https://patchstack.com/database/vulnerability/php-execution-plugin/wordpress-php-execution-plugin-1-0-0-cross-site-request-forgery-csrf-vulnerability? • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

02 Feb 2023 — Cross-Site Request Forgery (CSRF) vulnerability in ShapedPlugin WP Tabs – Responsive Tabs Plugin for WordPress plugin <= 2.1.14 versions. The WP Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.14. ... • https://patchstack.com/database/vulnerability/wp-expand-tabs-free/wordpress-wp-tabs-responsive-tabs-plugin-for-wordpress-plugin-2-1-14-cross-site-request-forgery-csrf? • CWE-352: Cross-Site Request Forgery (CSRF) •