Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-01-29 CVE-2023-6390 Cross-Site Request Forgery (CSRF) vulnerability in Jonathonkemp Wordpress Users 1.4.0
The WordPress Users WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
jonathonkemp CWE-352
8.8
2024-01-29 CVE-2023-6391 Cross-Site Request Forgery (CSRF) vulnerability in Jeremiahorem Custom User CSS 0.2
The Custom User CSS WordPress plugin through 0.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
jeremiahorem CWE-352
8.8
2024-01-29 CVE-2023-6503 Cross-Site Request Forgery (CSRF) vulnerability in Paulgriffinpetty WP Plugin Lister 2.1.0
The WP Plugin Lister WordPress plugin through 2.1.0 does not have CSRF checks in some places and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
paulgriffinpetty CWE-352
5.4
2024-01-29 CVE-2023-6633 Cross-Site Request Forgery (CSRF) vulnerability in Sidenotesproject Side Notes 2.0.0
The Site Notes WordPress plugin through 2.0.0 does not have CSRF checks in some of its functionalities, which could allow attackers to make logged-in users perform unwanted actions, such as deleting administration notes, via CSRF attacks.
network
low complexity
sidenotesproject CWE-352
4.3
2024-01-29 CVE-2023-6946 Cross-Site Request Forgery (CSRF) vulnerability in Unalignedcode Autotitle 1.0.3
The Autotitle for WordPress plugin through 1.0.3 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
unalignedcode CWE-352
8.8
2024-01-29 CVE-2023-7074 Cross-Site Request Forgery (CSRF) vulnerability in Giovambattistafazioli WP Social Bookmark Menu 1.2
The WP SOCIAL BOOKMARK MENU WordPress plugin through 1.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
giovambattistafazioli CWE-352
8.8
2024-01-27 CVE-2024-0667 Cross-Site Request Forgery (CSRF) vulnerability in 10Web Form Maker
The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.15.21.
network
low complexity
10web CWE-352
6.3
2024-01-25 CVE-2024-0624 Cross-Site Request Forgery (CSRF) vulnerability in Strangerstudios Paid Memberships PRO
The Paid Memberships Pro – Content Restriction, User Registration, & Paid Subscriptions plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.12.7.
network
low complexity
strangerstudios CWE-352
5.3
2024-01-24 CVE-2024-23902 Cross-Site Request Forgery (CSRF) vulnerability in Jenkins Github Branch Source
A cross-site request forgery (CSRF) vulnerability in Jenkins GitLab Branch Source Plugin 684.vea_fa_7c1e2fe3 and earlier allows attackers to connect to an attacker-specified URL.
network
low complexity
jenkins CWE-352
4.3
2024-01-22 CVE-2023-6625 Cross-Site Request Forgery (CSRF) vulnerability in Gravitymaster Product Enquiry for Woocommerce 3.0
The Product Enquiry for WooCommerce WordPress plugin before 3.1 does not have a CSRF check in place when deleting inquiries, which could allow attackers to make a logged-in admin delete them via a CSRF attack.
network
low complexity
gravitymaster CWE-352
4.3