CVE-2023-23802 – WordPress HT Easy GA4 ( Google Analytics 4 ) Plugin <= 1.0.6 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2023-23802
08 Mar 2023 — Cross-Site Request Forgery (CSRF) vulnerability in HasThemes HT Easy GA4 ( Google Analytics 4 ) plugin <= 1.0.6 versions. The HT Easy GA4 ( Google Analytics 4 ) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. This is due to missing or incorrect nonce validation on the plugin_activation function. This makes it possible for unauthenticated attackers to activate plugins via a forged request granted they can trick a site administrator into performing an ... • https://patchstack.com/database/vulnerability/ht-easy-google-analytics/wordpress-ht-easy-ga4-google-analytics-4-plugin-1-0-6-cross-site-request-forgery-csrf-vulnerability?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0484 – Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks < 1.1.6 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0484
28 Feb 2023 — The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The Contact Form 7 Widget For Elementor Page Builder & Gutenberg Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the 'plu... • https://wpscan.com/vulnerability/e61fb245-0d7f-42b0-9b96-c17ade8c04c5 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0495 – HT Slider For Elementor < 1.4.0 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0495
28 Feb 2023 — The HT Slider For Elementor WordPress plugin before 1.4.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The HT Slider For Elementor plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.9. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activa... • https://wpscan.com/vulnerability/2e3af480-b1a4-404c-b0fc-2b7b6a6b9c27 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0496 – HT Event < 1.4.6 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0496
28 Feb 2023 — The HT Event WordPress plugin before 1.4.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The HT Event plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.5. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins already i... • https://wpscan.com/vulnerability/451b47d5-7bd2-4a82-9c8e-fe6601bcd2ab • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0497 – HT Portfolio < 1.1.6 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0497
28 Feb 2023 — The HT Portfolio WordPress plugin before 1.1.6 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The HT Portfolio plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.5. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins a... • https://wpscan.com/vulnerability/ae5b7776-9d0d-4db8-81c3-237b16cd9c62 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0498 – WP Education < 1.2.7 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0498
28 Feb 2023 — The WP Education WordPress plugin before 1.2.7 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The WP Education plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.6. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins a... • https://wpscan.com/vulnerability/8fa051ad-5b35-46d8-be95-0ac4e73d5eff • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0499 – QuickSwish < 1.1.0 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0499
28 Feb 2023 — The QuickSwish WordPress plugin before 1.1.0 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The QuickSwish plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.9. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins alrea... • https://wpscan.com/vulnerability/9342470a-a0ad-4f0b-b95f-7daa39a6362b • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0503 – Free WooCommerce Theme 99fy Extension < 1.2.8 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0503
28 Feb 2023 — The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The Free WooCommerce Theme 99fy Extension plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.7. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthe... • https://wpscan.com/vulnerability/3cb148fb-1f30-4316-a421-10da51d849f3 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0504 – HT Politic < 2.3.8 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0504
28 Feb 2023 — The HT Politic WordPress plugin before 2.3.8 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The HT Politic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.7. This is due to missing or incorrect nonce validation on the 'plugin_activation' function. This makes it possible for unauthenticated attackers to activate arbitrary plugins alrea... • https://wpscan.com/vulnerability/b427841d-a3ad-4e3a-8964-baad90a9aedb • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2023-0505 – Ever Compare <= 1.2.3 - Arbitrary Plugin Activation via CSRF
https://notcve.org/view.php?id=CVE-2023-0505
28 Feb 2023 — The Ever Compare WordPress plugin through 1.2.3 does not have a CSRF check when activating plugins, which could allow attackers to make logged-in admins activate arbitrary plugins present on the blog via a CSRF attack. The Ever Compare plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.3. This is due to missing or incorrect nonce validation on functions such as 'plugin_activation'. This makes it possible for unauthenticated attackers to activate arbitrary plu... • https://wpscan.com/vulnerability/dbabff3e-b021-49ed-aaf3-b73a77d4b354 • CWE-352: Cross-Site Request Forgery (CSRF)