Export limit exceeded: 344006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (9090 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2023-4731 | 1 Ladipage | 1 Ladipage | 2026-04-08 | 4.3 Medium |
| The LadiApp plugn for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the init_endpoint() function hooked via 'init' in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to modify a variety of settings, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. An attacker can directly modify the 'ladipage_key' which enables them to create new posts on the website and inject malicious web scripts, | ||||
| CVE-2023-4628 | 1 Ladipage | 1 Ladipage | 2026-04-08 | 4.3 Medium |
| The LadiApp plugin for WordPress is vulnerable to Cross-Site Request Forgery due to a missing nonce check on the ladiflow_save_hook() function in versions up to, and including, 4.4. This makes it possible for unauthenticated attackers to update the 'ladiflow_hook_configs' option via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-4277 | 1 Pragmaticmates | 1 Realia | 2026-04-08 | 8.8 High |
| The Realia plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.0. This is due to missing nonce validation on the 'process_change_profile_form' function. This makes it possible for unauthenticated attackers to change user email via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-4248 | 1 Givewp | 1 Givewp | 2026-04-08 | 5.4 Medium |
| The GiveWP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.33.3. This is due to missing or incorrect nonce validation on the give_stripe_disconnect_connect_stripe_account function. This makes it possible for unauthenticated attackers to deactivate the plugin's stripe integration settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-3203 | 1 Inspireui | 1 Mstore Api | 2026-04-08 | 4.3 Medium |
| The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_limit_product function. This makes it possible for unauthenticated attackers to update limit the number of product per category to use cache data in home screen via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-3055 | 1 Azexo | 1 Page Builder With Image Map By Azexo | 2026-04-08 | 6.1 Medium |
| The Page Builder by AZEXO plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.27.133. This is due to missing or incorrect nonce validation on the 'azh_save' function. This makes it possible for unauthenticated attackers to update the post content and inject malicious JavaScript via a forged request, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2896 | 1 Wpeasycart | 1 Wp Easycart | 2026-04-08 | 4.3 Medium |
| The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_duplicate_product function. This makes it possible for unauthenticated attackers to duplicate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2895 | 1 Wpeasycart | 1 Wp Easycart | 2026-04-08 | 4.3 Medium |
| The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_bulk_activate_product function. This makes it possible for unauthenticated attackers to bulk activate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2893 | 1 Wpeasycart | 1 Wp Easycart | 2026-04-08 | 4.3 Medium |
| The WP EasyCart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.4.8. This is due to missing or incorrect nonce validation on the process_deactivate_product function. This makes it possible for unauthenticated attackers to deactivate products via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2528 | 1 Supsystic | 1 Contact Form | 2026-04-08 | 5.4 Medium |
| The Contact Form by Supsystic plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.24. This is due to missing or incorrect nonce validation on the AJAX action handler. This makes it possible for unauthenticated attackers to execute AJAX actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2447 | 1 Userproplugin | 1 Userpro | 2026-04-08 | 6.1 Medium |
| The UserPro plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.1.1. This is due to missing or incorrect nonce validation on the 'export_users' function. This makes it possible for unauthenticated attackers to export the users to a csv file, granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2407 | 1 Vcita | 2 Event Registration Calendar By Vcita, Online Payments - Get Paid With Paypal\, Square \& Stripe | 2026-04-08 | 6.1 Medium |
| The Event Registration Calendar By vcita plugin, versions up to and including 3.10.0, and Online Payments – Get Paid with PayPal, Square & Stripe plugin, for WordPress are vulnerable to Cross-Site Request Forgery. This is due to missing nonce validation in the ls_parse_vcita_callback() function. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2405 | 1 Vcita | 1 Crm And Lead Management By Vcita | 2026-04-08 | 6.1 Medium |
| The CRM and Lead Management by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.7.0. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-2303 | 1 Vcita | 1 Contact Form And Calls To Action By Vcita | 2026-04-08 | 6.1 Medium |
| The Contact Form and Calls To Action by vcita plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.5. This is due to missing nonce validation in the vcita-callback.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious JavaScript via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1925 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2026-04-08 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_clear_cache_of_allsites_callback function. This makes it possible for unauthenticated attackers to clear caches via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1921 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2026-04-08 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_start_cdn_integration_ajax_request_callback function. This makes it possible for unauthenticated attackers to change cdn settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1919 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2026-04-08 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_save_settings_callback function. This makes it possible for unauthenticated attackers to change cache-related settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1918 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2026-04-08 | 4.3 Medium |
| The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfc_preload_single_callback function. This makes it possible for unauthenticated attackers to invoke a cache building action via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1344 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2026-04-08 | 4.3 Medium |
| The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the uucss_update_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2023-1343 | 1 Rapidload | 1 Rapidload Power-up For Autoptimize | 2026-04-08 | 4.3 Medium |
| The RapidLoad Power-Up for Autoptimize plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.7.1. This is due to missing or incorrect nonce validation on the attach_rule function. This makes it possible for unauthenticated attackers to modify the plugin's cache via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||