CSRF
WordPress Plugin Vulnerability Report – Code Snippets – Cross-Site Request Forgery via load
Plugin Name: Code Snippets Key Information: Software Type: Plugin Software Slug: code-snippets Software Status: Active Software Author: bungeshea Software Downloads: 8,867,266 Active Installs: 800,000 Last Updated: November 6, 2023 Patched Versions: 3.6.0 Affected Versions: < 3.6.0 Vulnerability Details: Name: Code Snippets <= 3.5.0 – Cross-Site Request Forgery via load Type: Cross-Site Request Forgery (CSRF) CVSS Score: 5.4 (Medium) Publicly Published: November 6, 2023 Description: The Code Snippets plugin for…
WordPress Plugin Vulnerability Report – Top 10 – Cross-Site Request Forgery via edit_count_ajax
Plugin Name: Top 10 Key Information: Software Type: Plugin Software Slug: top-10 Software Status: Active Software Author: ajay Software Downloads: 1,049,082 Active Installs: 20,000 Last Updated: November 3, 2023 Patched Versions: 3.3.3 Affected Versions: <= 3.3.2 Vulnerability Details: Name: Top 10 <= 3.3.2 – Cross-Site Request Forgery via edit_count_ajax Title: Cross-Site Request Forgery via edit_count_ajax…
WordPress Plugin Vulnerability Report – Kadence WooCommerce Email Designer – Cross-Site Request Forgery
Plugin Name: Kadence WooCommerce Email Designer Key Information: Software Type: Plugin Software Slug: kadence-woocommerce-email-designer Software Status: Active Software Author: britner Software Downloads: 1,533,682 Active Installs: 100,000 Last Updated: November 2, 2023 Patched Versions: 1.5.12 Affected Versions: <= 1.5.11 Vulnerability Details: Name: Kadence WooCommerce Email Designer <= 1.5.11 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published: November 2, 2023 Description: The Kadence WooCommerce…
WordPress Plugin Vulnerability Report – GiveWP – Cross-Site Request Forgery – CVE-2023-4247, CVE-2023-4248
Plugin Name: GiveWP Key Information: Software Type: Plugin Software Slug: give Software Status: Active Software Author: webdevmattcrom Software Downloads: 6,043,447 Active Installs: 100,000 Last Updated: October 31, 2023 Patched Versions: 2.33.4 Affected Versions: <= 2.33.3 Vulnerability 1 Details: Name: GiveWP <= 2.33.3 – Cross-Site Request Forgery to plugin deactivation Title: Cross-Site Request Forgery to plugin deactivation Type: Cross-Site Request Forgery (CSRF) CVE: CVE-2023-4247 CVSS Score: 5.4 (Medium) Publicly Published: October…
WordPress Plugin Vulnerability Report – Simple Calendar – Cross-Site Request Forgery
Plugin Name: Simple Calendar – Google Calendar Plugin Key Information: Software Type: Plugin Software Slug: google-calendar-events Software Status: Active Software Author: simplecalendar Software Downloads: 2,568,146 Active Installs: 60,000 Last Updated: October 20, 2023 Patched Versions: 3.2.5 Affected Versions: <3.2.5 Vulnerability Details: Name: Simple Calendar <= 3.2.4 – Cross-Site Request Forgery via duplicate_feed Title: Cross-Site Request…
WordPress Plugin Vulnerability Report – WooCommerce Stripe Payment Gateway – Cross-Site Request Forgery
Plugin Name: WooCommerce Stripe Payment Gateway Key Information: Software Type: Plugin Software Slug: woocommerce-gateway-stripe Software Status: Active Software Author: automattic Software Downloads: 28,425,774 Active Installs: 800,000 Last Updated: October 17, 2023 Patched Versions: 7.6.1 Affected Versions: <=7.6.0 Vulnerability Details: Name: Stripe Gateway <= 7.6.0 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score:…
WordPress Plugin Vulnerability Report – Social Media Share Buttons & Social Sharing Icons – Cross-Site Request Forgery – CVE-2023-5602 – Information Exposure – CVE-2023-5070
Plugin Name: Social Media Share Buttons & Social Sharing Icons Key Information: Software Type: Plugin Software Slug: ultimate-social-media-icons Software Status: Active Software Author: socialdude Software Downloads: 10,654,500 Active Installs: 100,000 Last Updated: October 16, 2023 Patched Versions: 2.8.6 Affected Versions: <=2.8.5 Vulnerability 1 Details: Name: Social Media Share Buttons & Social Sharing Icons <= 2.8.5 – Cross-Site Request Forgery Type: Cross-Site…
WordPress Plugin Vulnerability Report: EmbedPress – Cross-Site Request Forgery
Plugin Name: EmbedPress Key Information: Software Type: Plugin Software Slug: embedpress Software Status: Active Software Author: wpdevteam Software Downloads: 1,709,151 Active Installs: 80,000 Last Updated: September 8, 2023 Patched Versions: 3.8.4 Affected Versions: <3.8.4 Vulnerability Details: Name: EmbedPress <= 3.8.3 – Cross-Site Request Forgery Type: Cross-Site Request Forgery (CSRF) CVSS Score: 4.3 (Medium) Publicly Published:…