Vulnerabilities > Cross-Site Request Forgery (CSRF)

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-1749 Cross-Site Request Forgery (CSRF) vulnerability in Wpmk Ajax Finder Project Wpmk Ajax Finder
The WPMK Ajax Finder WordPress plugin is vulnerable to Cross-Site Request Forgery via the createplugin_atf_admin_setting_page() function found in the ~/inc/config/create-plugin-config.php file, due to a missing nonce check, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
6.8
2022-06-13 CVE-2022-1969 Cross-Site Request Forgery (CSRF) vulnerability in Script Mobile Browser Color Select
The Mobile browser color select plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.1.
network
script CWE-352
6.8
2022-06-13 CVE-2022-1594 Cross-Site Request Forgery (CSRF) vulnerability in HC Custom Wp-Admin URL Project HC Custom Wp-Admin URL 1.4
The HC Custom WP-Admin URL WordPress plugin through 1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, allowing them to change the login URL.
4.3
2022-06-13 CVE-2022-1605 Cross-Site Request Forgery (CSRF) vulnerability in Email Users Project Email Users 4.8.8
The Email Users WordPress plugin through 4.8.8 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and change the notification settings of arbitrary users.
4.3
2022-06-13 CVE-2022-1608 Cross-Site Request Forgery (CSRF) vulnerability in Byonepress Social Locker
The OnePress Social Locker WordPress plugin through 5.6.2 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
4.3
2022-06-13 CVE-2022-1612 Cross-Site Request Forgery (CSRF) vulnerability in Webriti Smtp Mail 1.0
The Webriti SMTP Mail WordPress plugin through 1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
webriti CWE-352
4.3
2022-06-13 CVE-2022-1624 Cross-Site Request Forgery (CSRF) vulnerability in Latest Tweets Widget Project Latest Tweets Widget 1.1.4
The Latest Tweets Widget WordPress plugin through 1.1.4 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
4.3
2022-06-13 CVE-2022-1694 Cross-Site Request Forgery (CSRF) vulnerability in Useful Banner Manager Project Useful Banner Manager 1.6.1
The Useful Banner Manager WordPress plugin through 1.6.1 does not perform CSRF checks on POST requests to its admin page, allowing an attacker to trick a logged-in admin into adding, modifying or deleting banners from the plugin by submitting a form.
4.3
2022-06-13 CVE-2022-1758 Cross-Site Request Forgery (CSRF) vulnerability in Genki Pre-Publish Reminder Project Genki Pre-Publish Reminder
The Genki Pre-Publish Reminder WordPress plugin through 1.4.1 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack and lead to Stored XSS as well as RCE when custom code is added via the plugin settings.
6.8
2022-06-13 CVE-2022-1759 Cross-Site Request Forgery (CSRF) vulnerability in RB Internal Links Project RB Internal Links
The RB Internal Links WordPress plugin through 2.0.16 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack, as well as perform Stored Cross-Site Scripting attacks due to the lack of sanitisation and escaping.
3.5