CSRF attack

SecuPress Free Vulnerability — WordPress Security – Cross-Site Request Forgery to Banned IP Address – CVE-2024-1504 | WordPress Plugin Vulnerability Report

By Your WP Guy / Apr 1, 2024

Plugin Name: SecuPress Free – WordPress Security Key Information: Software Type: Plugin Software Slug: secupress Software Status: Active Software Author: SecuPress Software Downloads: 623,070 Active Installs: 40,000 Last Updated: April 2, 2024 Patched Versions: 2.2.5.2 Affected Versions: <= 2.2.5.1 Vulnerability Details: Name: SecuPress Free – WordPress Security <= 2.2.5.1 Title: Cross-Site Request Forgery to Banned…

Read More

Microsoft Clarity Vulnerability- Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-0590 |WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 16, 2024

Plugin Name: Microsoft Clarity Key Information: Software Type: Plugin Software Slug: microsoft-clarity Software Status: Active Software Author: sammartin Software Downloads: 312,923 Active Installs: 70,000 Last Updated: February 27, 2024 Patched Versions: 0.9.4 Affected Versions: <= 0.9.3 Vulnerability Details: Name: Microsoft Clarity <= 0.9.3 Title: Cross-Site Request Forgery to Stored Cross-Site Scripting Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE: CVE-2024-0590…

Read More

Orbit Fox by ThemeIsle Vulnerability – Cross-Site Request Forgery – CVE-2024-1162 | WordPress Plugin Vulnerability Report

By Your WP Guy / Feb 1, 2024

Plugin Name: Orbit Fox by ThemeIsle Key Information: Software Type: Plugin Software Slug: themeisle-companion Software Status: Active Software Author: ThemeIsle Software Downloads: 11,093,244 Active Installs: 200,000 Last Updated: February 1, 2024 Patched Versions: 2.10.230 Affected Versions: <= 2.10.29 Vulnerability Details: Name: Orbit Fox by ThemeIsle <= 2.10.29 Title: Cross-Site Request Forgery (CSRF) Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…

Read More

Form Maker by 10Web Vulnerability– Mobile-Friendly Drag & Drop Contact Form Builder – Cross-Site Request Forgery to Limited Code Execution via Execute – CVE-2024-0667 |WordPress Plugin Vulnerability Report

By Your WP Guy / Jan 26, 2024

Plugin Name: Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Key Information: Software Type: Plugin Software Slug: form-maker Software Status: Active Software Author: 10web Software Downloads: 4,670,950 Active Installs: 60,000 Last Updated: February 1, 2024 Patched Versions: 1.15.22 Affected Versions: <= 1.15.21 Vulnerability Details: Name: Form-Maker (twb_form-maker) <= 1.15.21 Title: Cross-Site…

Read More