Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2024-01-17 CVE-2022-41990 Cross-Site Request Forgery (CSRF) vulnerability in Cardozatechnologies Cardoza-3D-Tag-Cloud
Cross-Site Request Forgery (CSRF) vulnerability in Vinoj Cardoza 3D Tag Cloud allows Stored XSS. This issue affects 3D Tag Cloud: from n/a through 3.8.
network
low complexity
cardozatechnologies CWE-352
8.8
2024-01-17 CVE-2023-5006 Cross-Site Request Forgery (CSRF) vulnerability in Sarveshmrao WP Discord Invite
The WP Discord Invite WordPress plugin before 2.5.1 does not protect some of its actions against CSRF attacks, allowing an unauthenticated attacker to perform actions on a logged-in administrator's behalf by tricking them into submitting a crafted request.
network
low complexity
sarveshmrao CWE-352
6.5
2024-01-16 CVE-2021-24870 Cross-Site Request Forgery (CSRF) vulnerability in Wpfastestcache WP Fastest Cache
The WP Fastest Cache WordPress plugin before 0.9.5 is lacking a CSRF check in its wpfc_save_cdn_integration AJAX action, and does not sanitise and escape some of the options available via the action, which could allow attackers to make logged-in high-privilege users call it and set a Cross-Site Scripting payload.
network
low complexity
wpfastestcache CWE-352
6.1
2024-01-16 CVE-2021-25117 Cross-Site Request Forgery (CSRF) vulnerability in Lesterchan Wp-Postratings
The WP-PostRatings WordPress plugin before 1.86.1 does not sanitise the postratings_image parameter from its options page (wp-admin/admin.php?page=wp-postratings/postratings-options.php).
network
low complexity
lesterchan CWE-352
4.8
2024-01-16 CVE-2022-1617 Cross-Site Request Forgery (CSRF) vulnerability in Usabilitydynamics Wp-Invoice
The WP-Invoice WordPress plugin through 4.3.1 does not have a CSRF check in place when updating its settings, and is lacking sanitisation as well as escaping in some of them, allowing an attacker to make a logged-in admin change them and add an XSS payload in them.
network
low complexity
usabilitydynamics CWE-352
6.1
2024-01-16 CVE-2022-1618 Cross-Site Request Forgery (CSRF) vulnerability in Marcorulicke Coru Lfmember 1.0.2
The Coru LFMember WordPress plugin through 1.0.2 does not have a CSRF check in place when adding a new game, and is lacking sanitisation as well as escaping in its settings, allowing an attacker to make a logged-in admin add an arbitrary game with XSS payloads.
network
low complexity
marcorulicke CWE-352
6.1
2024-01-16 CVE-2022-1760 Cross-Site Request Forgery (CSRF) vulnerability in Dd32 Core Control
The Core Control WordPress plugin through 1.2.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
dd32 CWE-352
4.3
2024-01-16 CVE-2022-3899 Cross-Site Request Forgery (CSRF) vulnerability in 3Dprint Project 3Dprint
The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged-in admin into submitting a form.
network
low complexity
3dprint-project CWE-352
8.1
2024-01-16 CVE-2023-0824 Cross-Site Request Forgery (CSRF) vulnerability in Wpuserplus Userplus 1.0/1.1/2.0
The User registration & user profile WordPress plugin through 2.0 does not have CSRF checks in some places, and is missing sanitisation as well as escaping, which could allow attackers to make a logged-in admin add Stored XSS payloads via a CSRF attack.
network
low complexity
wpuserplus CWE-352
6.5
2024-01-16 CVE-2023-3178 Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts Post Smtp
The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged-in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack.
network
low complexity
wpexperts CWE-352
4.3