Vulnerabilities > Hasthemes

DATE CVE VULNERABILITY TITLE RISK
2023-03-27 CVE-2023-0498 Cross-Site Request Forgery (CSRF) vulnerability in Hasthemes WP Education
The WP Education WordPress plugin before 1.2.7 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes CWE-352
4.3
2023-03-27 CVE-2023-0499 Unspecified vulnerability in Hasthemes Quickswish
The QuickSwish WordPress plugin before 1.1.0 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3
2023-03-27 CVE-2023-0500 Unspecified vulnerability in Hasthemes WP Film Studio
The WP Film Studio WordPress plugin before 1.3.5 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
6.5
2023-03-27 CVE-2023-0501 Unspecified vulnerability in Hasthemes WP Insurance
The WP Insurance WordPress plugin before 2.1.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
6.5
2023-03-27 CVE-2023-0502 Unspecified vulnerability in Hasthemes WP News
The WP News WordPress plugin through 1.1.9 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
6.5
2023-03-27 CVE-2023-0503 Unspecified vulnerability in Hasthemes Free Woocommerce Theme 99Fy Extension
The Free WooCommerce Theme 99fy Extension WordPress plugin before 1.2.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3
2023-03-27 CVE-2023-0504 Unspecified vulnerability in Hasthemes HT Politic
The HT Politic WordPress plugin before 2.3.8 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3
2023-03-27 CVE-2023-0505 Unspecified vulnerability in Hasthemes Ever Compare
The Ever Compare WordPress plugin through 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3
2023-03-27 CVE-2023-1086 Unspecified vulnerability in Hasthemes Preview Link Generator 1.0.0/1.0.2/1.0.3
The Preview Link Generator WordPress plugin before 1.0.4 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3
2023-03-27 CVE-2023-1087 Unspecified vulnerability in Hasthemes WC Sales Notification
The WC Sales Notification WordPress plugin before 1.2.3 does not have CSRF check when activating plugins, which could allow attackers to make logged in admins activate arbitrary plugins present on the blog via a CSRF attack
network
low complexity
hasthemes
4.3