Posts Tagged ‘Cross-Site Request Forgery’
Theme My Login Vulnrability – Cross-Site Request Forgery to Settings Update – CVE-2024-7422 | WordPress Plugin Vulnerability Report
Plugin Name: Theme My Login Key Information: Software Type: Plugin Software Slug: theme-my-login Software Status: Active Software Author: jfarthing84 Software Downloads: 4,025,356 Active Installs: 80,000 Last Updated: August 18, 2024 Patched Versions: 7.1.8 Affected Versions: <= 7.1.7 Vulnerability Details: Name: Theme My Login <= 7.1.7 Title: Cross-Site Request Forgery to Settings Update Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Read MoreInsert PHP Code Snippet Vulnerability – Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion – CVE-2024-7420 | WordPress Plugin Vulnerability Report
Plugin Name: Insert PHP Code Snippet Key Information: Software Type: Plugin Software Slug: insert-php-code-snippet Software Status: Active Software Author: f1logic Software Downloads: 1,045,147 Active Installs: 100,000 Last Updated: August 18, 2024 Patched Versions: 1.3.7 Affected Versions: <= 1.3.6 Vulnerability Details: Name: Insert PHP Code Snippet <= 1.3.6 Title: Cross-Site Request Forgery to Code Snippet Activate/Deactivate/Deletion…
Read MoreLiteSpeed Cache Vulnerability – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-3246 | WordPress Plugin Vulnerability Report
Plugin Name: LiteSpeed Cache Key Information: Software Type: Plugin Software Slug: litespeed-cache Software Status: Active Software Author: litespeedtech Software Downloads: 70,093,541 Active Installs: 5,000,000 Last Updated: July 29, 2024 Patched Versions: 6.3 Affected Versions: <= 6.2.0.1 Vulnerability Details: Name: LiteSpeed Cache <= 6.2.0.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-3246 CVSS Score: 6.1 Publicly Published: July 23, 2024…
Read MoreLoco Translate Vulnerability – Cross-Site Request Forgery – CVE-2024-37236 | WordPress Plugin Vulnerability Report
Plugin Name: Loco Translate Key Information: Software Type: Plugin Software Slug: loco-translate Software Status: Active Software Author: timwhitlock Software Downloads: 26,085,928 Active Installs: 1,000,000 Last Updated: July 16, 2024 Patched Versions: 2.6.10 Affected Versions: <= 2.6.9 Vulnerability Details: Name: Loco Translate <= 2.6.9 Type: Cross-Site Request Forgery CVE: CVE-2024-37236 CVSS Score: 4.3 Publicly Published: June…
Read MoreEasy Digital Downloads Vulnerability – Cross-Site Request Forgery – CVE-2024-31113 | WordPress Plugin Vulnerability Report
Plugin Name: Easy Digital Downloads Key Information: Software Type: Plugin Software Slug: easy-digital-downloads Software Status: Active Software Author: smub Software Downloads: 4,985,103 Active Installs: 50,000 Last Updated: May 9, 2024 Patched Versions: 3.2.12 Affected Versions: <= 3.2.11 Vulnerability Details: Name: Easy Digital Downloads <= 3.2.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
Read MoreTranslatePress Vulnerability – Cross-Site Request Forgery – CVE-2024-34827 | WordPress Plugin Vulnerability Report
Plugin Name: TranslatePress Key Information: Software Type: Plugin Software Slug: translatepress-multilingual Software Status: Active Software Author: madalinungureanu Software Downloads: 10,058,842 Active Installs: 300,000 Last Updated: May 9, 2024 Patched Versions: 2.7.6 Affected Versions: <= 2.7.5 Vulnerability Details: Name: Translate Multilingual sites – TranslatePress <= 2.7.5 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE:…
Read MoreUnyson Vulnerability – Cross-Site Request Forgery – CVE-2024-34814 | WordPress Plugin Vulnerability Report
Plugin Name: Unyson Key Information: Software Type: Plugin Software Slug: unyson Software Status: Removed Software Author: unyson Software Downloads: 3,375,089 Active Installs: 200,000 Last Updated: May 9, 2024 Patched Versions: 2.7.31 Affected Versions: <= 2.7.30 Vulnerability Details: Name: Unyson <= 2.7.29 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-34814 CVSS Score: 4.3…
Read MoreFameTheme Demo Importer Vulnerability – Cross-Site Request Forgery – CVE-2024-33679 | WordPress Plugin Vulnerability Report
Plugin Name: FameTheme Demo Importer Key Information: Software Type: Plugin Software Slug: famethemes-demo-importer Software Status: Active Software Author: famethemes Software Downloads: 708,614 Active Installs: 50,000 Last Updated: May 10, 2024 Patched Versions: Not available Affected Versions: <= 1.1.5 Vulnerability Details: Name: FameTheme Demo Importer <= 1.1.5 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-33679…
Read MoreBooking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report
Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads: 602,133 Active Installs: 60,000 Last Updated: April 24, 2024 Patched Versions: 1.0.96 Affected Versions: <= 1.0.95 Vulnerability Details: Name: Amelia <= 1.0.95 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Read MoreAppointment Booking Calendar Vulnerability— Simply Schedule Appointments Booking Plugin – Cross-Site Request Forgery to Plugin Data Reset – CVE-2024-1760 | WordPress Plugin Vulnerability Report
Plugin Name: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin Key Information: Software Type: Plugin Software Slug: simply-schedule-appointments Software Status: Active Software Author: croixhaug Software Downloads: 943,138 Active Installs: 60,000 Last Updated: March 7, 2024 Patched Versions: 1.6.6.24 Affected Versions: <= 1.6.6.20 Vulnerability Details: Name: Appointment Booking Calendar — Simply Schedule Appointments Booking Plugin…
Read More