Cross-Site Request Forgery

Colibri Page Builder Vulnerability – Cross-Site Request Fogery – CVE-2024-1362, CVE-2024-1361 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 22, 2024

Plugin Name: Colibri Page Builder Key Information: Software Type: Plugin Software Slug: colibri-page-builder Software Status: Active Software Author: extendthemes Software Downloads: 2,380,495 Active Installs: 100,000 Last Updated: February 22, 2024 Patched Versions: 1.0.260 Affected Versions: <= 1.0.253 Vulnerability Details: Name: Colibri Page Builder <= 1.0.253 – Cross-Site Request Fogery via cp_shortcode_refresh Title: Cross-Site Request Fogery via cp_shortcode_refresh Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-1362 CVSS Score: 4.3 (Medium) Publicly…

Read More

Paid Memberships Pro Vulnerability – Cross-Site Request Forgery to Level Orders Update – CVE-2024-0624 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 24, 2024

Plugin Name: Paid Memberships Pro Key Information: Software Type: Plugin Software Slug: paid-memberships-pro Software Status: Active Software Author: strangerstudios Software Downloads: 5,532,954 Active Installs: 90,000 Last Updated: January 24, 2024 Patched Versions: 2.12.8 Affected Versions: <= 2.12.7 Vulnerability Details: Name: Paid Memberships Pro <= 2.12.7 – Cross-Site Request Forgery to Level Orders Update Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2024-0624 CVSS Score: 5.3 (Medium) Publicly Published: January 24, 2024…

Read More

Newsletter Vulnerability– Send Awesome Emails from WordPress – Cross-Site Request Forgery |WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 10, 2024

Plugin Name: Newsletter – Send Awesome Emails from WordPress Key Information: Software Type: Plugin Software Slug: newsletter Software Status: Active Software Author: satollo Software Downloads: 23,000,399 Active Installs: 300,000 Last Updated: January 10, 2024 Patched Versions: 8.0.7 Affected Versions: <= 8.0.6 Vulnerability Details: Name: Newsletter <= 8.0.6 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:N CVE:…

Read More

Metform Elementor Contact Form Builder Vulnerability – Cross-Site Request Forgery – CVE-2023-6788 | WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 8, 2024

Plugin Name: Metform Elementor Contact Form Builder Key Information: Software Type: Plugin Software Slug: metform Software Status: Active Software Author: xpeedstudio Software Downloads: 2,891,443 Active Installs: 300,000 Last Updated: January 8, 2024 Patched Versions: 3.8.2 Affected Versions: <= 3.8.1 Vulnerability Details: Name: Metform Elementor Contact Form Builder <= 3.8.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N…

Read More

WordPress Plugin Vulnerability Report – Ocean Extra – Cross-Site Request Forgery to Arbitrary Plugin Activation

By Your WP Guy / Nov 28, 2023

Plugin Name: Ocean Extra Key Information: Software Type: Plugin Software Slug: ocean-extra Software Status: Active Software Author: oceanwp Software Downloads: 19,047,434 Active Installs: 700,000 Last Updated: November 28, 2023 Patched Versions: 2.2.3 Affected Versions: <= 2.2.2 Vulnerability Details: Name: Ocean Extra <= 2.2.2 – Cross-Site Request Forgery to Arbitrary Plugin Activation Title: Cross-Site Request Forgery to Arbitrary Plugin Activation Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium)…

Read More

WordPress Plugin Vulnerability Report – Analytify – Cross-Site Request Forgery

By Your WP Guy / Nov 20, 2023

Plugin Name: Analytify Key Information: Software Type: Plugin Software Slug: wp-analytify Software Status: Active Software Author: hiddenpearls Software Downloads: 1,817,063 Active Installs: 40,000 Last Updated: November 20, 2023 Patched Versions: 5.2.0 Affected Versions: <= 5.1.0 Vulnerability Details: Name: Analytify Dashboard <= 5.1.0 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 20, 2023 Description: The Analytify – Google Analytics…

Read More

WordPress Plugin Vulnerability Report – Elementor Addon Elements – Cross-Site Request Forgery – CVE-2023-4690

By Your WP Guy / Nov 15, 2023

Plugin Name: Elementor Addon Elements Key Information: Software Type: Plugin Software Slug: addon-elements-for-elementor-page-builder Software Status: Active Software Author: webtechstreet Software Downloads: 2,143,312 Active Installs: 100,000 Last Updated: November 15, 2023 Patched Versions: 1.12.8 Affected Versions: <= 1.12.7 Vulnerability Details: Name: Elementor Addon Elements <= 1.12.7 – Cross-Site Request Forgery Title: Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4690 CVSS Score: 5.4 (Medium) Publicly Published: November 15, 2023 Researcher: Marco…

Read More

WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248

By Your WP Guy / Oct 31, 2023

Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…

Read More

WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery

By Your WP Guy / Oct 20, 2023

Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…

Read More