Posts Tagged ‘nonce validation’
Blocksy Companion Vulnerability – Cross-Site Request Forgery – CVE-2024-31932 | WordPress Plugin Vulnerability Report
Plugin Name: Blocksy Companion Key Information: Software Type: Plugin Software Slug: blocksy-companion Software Status: Active Software Author: creativethemeshq Software Downloads: 7,114,824 Active Installs: 200,000 Last Updated: April 24, 2024 Patched Versions: 2.0.29 Affected Versions: <= 2.0.28 Vulnerability Details: Name: Blocksy Companion <= 2.0.28 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVE: CVE-2024-31932 CVSS Score: 5.3 Publicly…
Smash Balloon Social Post Feed Vulnerability – Cross-Site Request Forgery – CVE-2024-31379 | WordPress Plugin Vulnerability Report
Plugin Name: Smash Balloon Social Post Feed Key Information: Software Type: Plugin Software Slug: custom-facebook-feed Software Status: Active Software Author: smub Software Downloads: 7,212,481 Active Installs: 200,000 Last Updated: April 22, 2024 Patched Versions: 4.2.2 Affected Versions: <= 4.2.1 Vulnerability Details: Name: Smash Balloon Social Post Feed <= 4.2.1 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N…
Spotlight Social Feeds [Block, Shortcode, and Widget] Vulnerability – Cross-Site Request Forgery – CVE-2024-31381 | WordPress Plugin Vulnerability Report
Plugin Name: Spotlight Social Feeds [Block, Shortcode, and Widget] Key Information: Software Type: Plugin Software Slug: spotlight-social-photo-feeds Software Status: Active Software Author: rebelcode Software Downloads: 1,093,293 Active Installs: 60,000 Last Updated: April 22, 2024 Patched Versions: 1.6.11 Affected Versions: <= 1.6.10 Vulnerability Details: Name: Spotlight Social Media Feeds <= 1.6.10 Title: Cross-Site Request Forgery Type:…
The Events Calendar Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31433 | WordPress Plugin Vulnerability Report
Plugin Name: The Events Calendar Key Information: Software Type: Plugin Software Slug: the-events-calendar Software Status: Active Software Author: theeventscalendar Software Downloads: 56,148,469 Active Installs: 700,000 Last Updated: April 22, 2024 Patched Versions: 6.3.1 Affected Versions: <= 6.3.0 Vulnerability Details: Name: The Events Calendar <= 6.3.0 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Booking for Appointments and Events Calendar Vulnerability – Amelia – Cross-Site Request Forgery – CVE-2024-31425 | WordPress Plugin Vulnerability Report
Plugin Name: Booking for Appointments and Events Calendar – Amelia Key Information: Software Type: Plugin Software Slug: ameliabooking Software Status: Active Software Author: ameliabooking Software Downloads: 602,133 Active Installs: 60,000 Last Updated: April 24, 2024 Patched Versions: 1.0.96 Affected Versions: <= 1.0.95 Vulnerability Details: Name: Amelia <= 1.0.95 Title: Cross-Site Request Forgery Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE:…
Favicon by RealFaviconGenerator Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31422 | WordPress Plugin Vulnerability Report
Plugin Name: Favicon by RealFaviconGenerator Key Information: Software Type: Plugin Software Slug: favicon-by-realfavicongenerator Software Status: Active Software Author: phbernard Software Downloads: 3,235,128 Active Installs: 300,000 Last Updated: April 24, 2024 Patched Versions: 1.3.30 Affected Versions: <= 1.3.29 Vulnerability Details: Name: Favicon <= 1.3.29 Title: Cross-Site Request Forgery to Notice Dismissal Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31422 CVSS…
Import any XML or CSV File to WordPress Vulnerability – Cross-Site Request Forgery to Notice Dismissal – CVE-2024-31939 | WordPress Plugin Vulnerability Report
Plugin Name: Import any XML or CSV File to WordPress Key Information: Software Type: Plugin Software Slug: wp-all-import Software Status: Active Software Author: wpallimport Software Downloads: 3,920,346 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.7.4 Affected Versions: <= 3.7.3 Vulnerability Details: Name: Import any XML or CSV File to WordPress <= 3.7.3…
Inline Related Posts Vulnerability – Cross-Site Request Forgery – CVE-2024-31426 | WordPress Plugin Vulnerability Report
Plugin Name: Inline Related Posts Key Information: Software Type: Plugin Software Slug: intelly-related-posts Software Status: Active Software Author: data443 Software Downloads: 1,297,547 Active Installs: 100,000 Last Updated: April 24, 2024 Patched Versions: 3.4.0 Affected Versions: <= 3.3.1 Vulnerability Details: Name: Inline Related Posts <= 3.3.1 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31426 CVSS Score: 4.3 Publicly Published: April…
Link Whisper Free Vulnerability – Cross-Site Request Forgery – CVE-2024-31934 | WordPress Plugin Vulnerability Report
Plugin Name: Link Whisper Free Key Information: Software Type: Plugin Software Slug: link-whisper Software Status: Active Software Author: linkwhspr Software Downloads: 480,622 Active Installs: 30,000 Last Updated: April 24, 2024 Patched Versions: 0.7.0 Affected Versions: <= 0.6.9 Vulnerability Details: Name: Link Whisper Free <= 0.6.9 Type: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N CVE: CVE-2024-31934 CVSS Score: 4.3 Publicly Published: April…
Formidable Forms Vulnerability – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder – Cross-Site Request Forgery to Stored Cross-Site Scripting – CVE-2024-0660 | WordPress Plugin Vulnerability Report
Plugin Name: Formidable Forms – Contact Form, Survey, Quiz, Payment, Calculator Form & Custom Form Builder Key Information: Software Type: Plugin Software Slug: formidable Software Status: Active Software Author: strategy11team Software Downloads: 19,521,336 Active Installs: 300,000 Last Updated: January 30, 2024 Patched Versions: 6.8 Affected Versions: <= 6.7.2 Vulnerability Details: Name: Formidable Forms <= 6.7.2…