Export limit exceeded: 10170 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (10170 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2022-3852 | 1 Vr Calendar Project | 1 Vr Calendar | 2026-04-08 | 8.8 High |
| The VR Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3.3. This is due to missing or incorrect nonce validation on several functions. This makes it possible for unauthenticated attackers to delete, and modify calendars as well as the plugin settings, via forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-2540 | 1 Link Optimizer Lite Project | 1 Link Optimizer Lite | 2026-04-08 | 8.8 High |
| The Link Optimizer Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery to Cross-Site Scripting in versions up to, and including 1.4.5. This is due to missing nonce validation on the admin_page function found in the ~/admin.php file. This makes it possible for unauthenticated attackers to modify the plugin's settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-2443 | 1 Freemind Wp Browser Project | 1 Freemind Wp Browser | 2026-04-08 | 8.8 High |
| The FreeMind WP Browser plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.2. This is due to missing nonce protection on the FreemindOptions() function found in the ~/freemind-wp-browser.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-2441 | 1 Orangelab | 1 Imagemagick Engine | 2026-04-08 | 8.8 High |
| The ImageMagick Engine plugin for WordPress is vulnerable to remote code execution via the 'cli_path' parameter in versions up to, and including 1.7.5. This makes it possible for unauthenticated users to run arbitrary commands leading to remote command execution, granted they can trick a site administrator into performing an action such as clicking on a link. This makes it possible for an attacker to create and or modify files hosted on the server which can easily grant attackers backdoor access to the affected server. | ||||
| CVE-2022-2224 | 1 Ghozylab | 1 Gallery For Social Photo | 2026-04-08 | 5.4 Medium |
| The WordPress plugin Gallery for Social Photo is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.0.27 due to failure to properly check for the existence of a nonce in the function gifeed_duplicate_feed. This make it possible for unauthenticated attackers to duplicate existing posts or pages granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-2039 | 1 Livesupporti | 1 Free Live Chat Support | 2026-04-08 | 8.8 High |
| The Free Live Chat Support plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including 1.0.11. This is due to missing nonce protection on the livesupporti_settings() function found in the ~/livesupporti.php file. This makes it possible for unauthenticated attackers to inject malicious web scripts into the page, granted they can trick a site's administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-1918 | 1 Toolbar To Share Project | 1 Toolbar To Share | 2026-04-08 | 8.8 High |
| The ToolBar to Share plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0. This is due to missing nonce validation on the plugin_toolbar_comparte page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2022-1900 | 1 Copify | 1 Copify | 2026-04-08 | 8.8 High |
| The Copify plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.0. This is due to missing nonce validation on the CopifySettings page. This makes it possible for unauthenticated attackers to update the plugins settings and inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4427 | 1 Vuukle | 1 Vuukle Comments\, Reactions\, Share Bar\, Revenue | 2026-04-08 | 4.3 Medium |
| The Vuukle Comments, Reactions, Share Bar, Revenue plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.31. This is due to missing or incorrect nonce validation in the /admin/partials/free-comments-for-wordpress-vuukle-admin-display.php file. This makes it possible for unauthenticated attackers to edit the plugins settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4426 | 1 Codesupply | 1 Absolute Reviews | 2026-04-08 | 4.3 Medium |
| The Absolute Reviews plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.8. This is due to missing or incorrect nonce validation on the metabox_review_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4425 | 1 Wpmudev | 1 Defender Security | 2026-04-08 | 4.3 Medium |
| The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verify_otp_login_time() function. This makes it possible for unauthenticated attackers to verify a one time login via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4424 | 1 Quantumcloud | 1 Slider Hero | 2026-04-08 | 4.3 Medium |
| The Slider Hero plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 8.2.0. This is due to missing or incorrect nonce validation on the qc_slider_hero_duplicate() function. This makes it possible for unauthenticated attackers to duplicate slides via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4423 | 1 It-rays | 1 Rays Grid | 2026-04-08 | 4.3 Medium |
| The RAYS Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.2. This is due to missing or incorrect nonce validation on the rsgd_insert_update() function. This makes it possible for unauthenticated attackers to update post fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4422 | 1 Wpexperts | 1 Post Smtp | 2026-04-08 | 4.3 Medium |
| The POST SMTP Mailer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.20. This is due to missing or incorrect nonce validation on the handleCsvExport() function. This makes it possible for unauthenticated attackers to trigger a CSV export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4421 | 1 Ashstonestudios | 1 Advanced Popups | 2026-04-08 | 4.3 Medium |
| The Advanced Popups plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.1. This is due to missing or incorrect nonce validation on the metabox_popup_save() function. This makes it possible for unauthenticated attackers to save meta tags via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4420 | 1 Graphpaperpress | 1 Sell Media | 2026-04-08 | 4.3 Medium |
| The Sell Media plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.5. This is due to missing or incorrect nonce validation on the sell_media_process() function. This makes it possible for unauthenticated attackers to sell media paypal orders via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4419 | 1 Inoplugs | 1 Wp-backgrounds-lite | 2026-04-08 | 4.3 Medium |
| The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4418 | 1 Wpfactory | 1 Custom Css\, Js \& Php | 2026-04-08 | 4.3 Medium |
| The Custom CSS, JS & PHP plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save code snippets via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4417 | 1 Incsub | 1 Forminator | 2026-04-08 | 5.4 Medium |
| The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||
| CVE-2021-4416 | 1 Wp-mpdf Project | 1 Wp-mpdf | 2026-04-08 | 4.3 Medium |
| The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. | ||||