Total
8219 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4427 | 1 Vuukle | 1 Vuukle Comments\, Reactions\, Share Bar\, Revenue | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4426 | 1 Codesupply | 1 Absolute Reviews | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4424 | 1 Quantumcloud | 1 Slider Hero | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4423 | 1 It-rays | 1 Rays Grid | 2024-11-21 | N/A | 4.3 MEDIUM |
| The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated attackers to update post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4421 | 1 Ashstonestudios | 1 Advanced Popups | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4420 | 1 Graphpaperpress | 1 Sell Media | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4419 | 1 Inoplugs | 1 Wp-backgrounds-lite | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4418 | 1 Wpfactory | 1 Custom Css\, Js \& Php | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4417 | 1 Incsub | 1 Forminator | 2024-11-21 | N/A | 5.4 MEDIUM |
| The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4416 | 1 Wp-mpdf Project | 1 Wp-mpdf | 2024-11-21 | N/A | 4.3 MEDIUM |
| The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4415 | 1 Sunshinephotocart | 1 Sunshine Photo Cart | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28 This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4414 | 1 Tychesoftwares | 1 Abandoned Cart Lite For Woocommerce | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4413 | 1 Coolplugins | 1 Process Steps Template Designer | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4412 | 1 Goprayer | 1 Wp Prayer | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a data export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4411 | 1 Wpeasypay | 1 Wp Easypay | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated attackers to trigger a transactions download via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4410 | 1 Qtranslate Slug Project | 1 Qtranslate Slug | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the save_postdata() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4409 | 1 Exportfeed | 1 Woocommerce Etsy Integration | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for unauthenticated attackers to delete an export feed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4408 | 1 Designwall | 1 Dw Question \& Answer | 2024-11-21 | N/A | 4.3 MEDIUM |
| The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthenticated attackers to update answers to questions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2021-4407 | 1 Goldplugins | 1 Custom Banners | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2 This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||