Total
8041 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-36751 | 1 Jesseeproductions | 1 Coupon Creator | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Coupon Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. This is due to missing or incorrect nonce validation on the save_meta() function. This makes it possible for unauthenticated attackers to save meta fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36750 | 1 Ewww | 1 Image Optimizer | 2024-11-21 | N/A | 4.3 MEDIUM |
| The EWWW Image Optimizer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.1. This is due to missing or incorrect nonce validation on the ewww_ngg_bulk_init() function. This makes it possible for unauthenticated attackers to perform bulk image optimization via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36749 | 1 Goldplugins | 1 Easy Testimonials | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36748 | 1 Wedevs | 1 Dokan | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. This is due to missing or incorrect nonce validation on the handle_order_export() function. This makes it possible for unauthenticated attackers to trigger an order export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36747 | 1 Brainstormforce | 1 Lightweight Sidebar Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. This is due to missing or incorrect nonce validation on the metabox_save() function. This makes it possible for unauthenticated attackers to save metbox data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36746 | 1 Menu Swapper Project | 1 Menu Swapper | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. This is due to missing or incorrect nonce validation on the mswp_save_meta() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36745 | 1 Wedevs | 1 Wp Project Manager | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. This is due to missing or incorrect nonce validation on the do_updates() function. This makes it possible for unauthenticated attackers to trigger updates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36744 | 1 Wpdeveloper | 1 Notificationx | 2024-11-21 | N/A | 4.3 MEDIUM |
| The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. This is due to missing or incorrect nonce validation on the generate_conversions() function. This makes it possible for unauthenticated attackers to generate conversions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36743 | 1 Implecode | 1 Product Catalog Simple | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. This is due to missing or incorrect nonce validation on the implecode_save_products_meta() function. This makes it possible for unauthenticated attackers to update product meta via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36742 | 1 Wpgogo | 1 Custom Field Template | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. This is due to missing or incorrect nonce validation on the edit_meta_value() function. This makes it possible for unauthenticated attackers to edit meta field values via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36741 | 1 Multivendorx | 1 Multivendorx | 2024-11-21 | N/A | 4.3 MEDIUM |
| The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. This is due to missing or incorrect nonce validation on the submit_comment() function. This makes it possible for unauthenticated attackers to submit comments via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36740 | 1 Radio Buttons For Taxonomies Project | 1 Radio Buttons For Taxonomies | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. This is due to missing or incorrect nonce validation on the save_single_term() function. This makes it possible for unauthenticated attackers to save terms via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36739 | 1 Slickremix | 1 Feed Them Social | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Feed Them Social – Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. This is due to missing or incorrect nonce validation on the my_fts_fb_load_more() function. This makes it possible for unauthenticated attackers to load feeds via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36738 | 1 Coolplugins | 1 Cool Timeline | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. This is due to missing or incorrect nonce validation on the ctl_save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36737 | 1 Brainstormforce | 1 Import \/ Export Customizer Settings | 2024-11-21 | N/A | 4.3 MEDIUM |
| The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the astra_admin_errors() function. This makes it possible for unauthenticated attackers to display an import status via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36736 | 1 Cartflows | 1 Cartflows | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. This is due to missing or incorrect nonce validation on the export_json, import_json, and status_logs_file functions. This makes it possible for unauthenticated attackers to import/export settings and trigger logs showing via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36735 | 1 Wedevs | 1 Wp Erp | 2024-11-21 | N/A | 4.3 MEDIUM |
| The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.3. This is due to missing or incorrect nonce validation on the handle_leave_calendar_filter, add_enable_disable_option_save, leave_policies, process_bulk_action, and process_crm_contact functions. This makes it possible for unauthenticated attackers to modify the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36717 | 1 Kaliforms | 1 Kali Forms | 2024-11-21 | N/A | 8.8 HIGH |
| The Kali Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. This is due to incorrect nonce handling throughout the plugin's function. This makes it possible for unauthenticated attackers to access the plugin's administrative functions via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36707 | 1 Wpconcern | 1 Coming Soon \& Maintenance Mode Page | 2024-11-21 | N/A | 8.8 HIGH |
| The Coming Soon & Maintenance Mode Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.57. This is due to confusing logic functions missing or having incorrect nonce validation. This makes it possible for unauthenticated attackers to gain and perform otherwise unauthorized access and actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | |||||
| CVE-2020-36669 | 1 Jetbackup | 1 Jetbackup | 2024-11-21 | N/A | 8.8 HIGH |
| The JetBackup – WP Backup, Migrate & Restore plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.3.9. This is due to missing nonce validation on the backup_guard_get_import_backup() function. This makes it possible for unauthenticated attackers to upload arbitrary files to the vulnerable site's server via a forged request, granted they can trick a site's administrator into performing an action such as clicking on a link. | |||||