Vulnerabilities > Cross-Site Request Forgery (CSRF)
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-16 | CVE-2022-1760 | Cross-Site Request Forgery (CSRF) vulnerability in Dd32 Core Control | The Core Control WordPress plugin through 1.2.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack | 4.3 |
2024-01-16 | CVE-2022-3899 | Cross-Site Request Forgery (CSRF) vulnerability in 3Dprint Project 3Dprint | The 3dprint WordPress plugin before 3.5.6.9 does not protect against CSRF attacks in the modified version of Tiny File Manager included with the plugin, allowing an attacker to craft a malicious request that will delete any number of files or directories on the target server by tricking a logged in admin into submitting a form. | 8.1 |
2024-01-16 | CVE-2023-0824 | Cross-Site Request Forgery (CSRF) vulnerability in Wpuserplus Userplus 1.0/1.1/2.0 | The User registration & user profile WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged-in admin add Stored XSS payloads via a CSRF attack. | 6.5 |
2024-01-16 | CVE-2023-3178 | Cross-Site Request Forgery (CSRF) vulnerability in Wpexperts Post Smtp | The POST SMTP Mailer WordPress plugin before 2.5.7 does not have proper CSRF checks in some AJAX actions, which could allow attackers to make logged in users with the manage_postman_smtp capability delete arbitrary logs via a CSRF attack. | 4.3 |
2024-01-16 | CVE-2023-6292 | Cross-Site Request Forgery (CSRF) vulnerability in Lightspeedhq Ecwid Ecommerce Shopping Cart | The Ecwid Ecommerce Shopping Cart WordPress plugin before 6.12.5 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack. | 4.3 |
2024-01-16 | CVE-2023-7083 | Cross-Site Request Forgery (CSRF) vulnerability in Davidjmiller Voting Record | The Voting Record WordPress plugin through 2.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack | 5.4 |
2024-01-16 | CVE-2023-7125 | Cross-Site Request Forgery (CSRF) vulnerability in Peepso | The Community by PeepSo WordPress plugin before 6.3.1.2 does not have CSRF check when creating a user post (visible on their wall in their profile page), which could allow attackers to make logged in users perform such action via a CSRF attack | 4.3 |
2024-01-12 | CVE-2023-51949 | Cross-Site Request Forgery (CSRF) vulnerability in Verydows 2.0 | Verydows v2.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /protected/controller/backend/role_controller | 8.8 |
2024-01-11 | CVE-2023-6242 | Cross-Site Request Forgery (CSRF) vulnerability in Myeventon Eventon | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). | 4.3 |
2024-01-11 | CVE-2023-6244 | Cross-Site Request Forgery (CSRF) vulnerability in Myeventon Eventon | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). | 4.3 |