CWE-352— Cross-Site Request Forgery (CSRF)

Cross-Site Request Forgery (CSRF) vulnerability in Themeisle Disable Admin Notices individually disable-admin-notices allows Cross Site Request Forgery.This issue affects Disable Admin Notices individually: from n/a through <= 1.4.0.

Cross-Site Request Forgery (CSRF) vulnerability in wp-buy WP Popup Window Maker easy-popup-lightbox-maker allows Stored XSS.This issue affects WP Popup Window Maker: from n/a through <= 2.0.

Cross-Site Request Forgery (CSRF) vulnerability in sureshdsk wp-login customizer wp-login-customizer allows Stored XSS.This issue affects wp-login customizer: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Buying Buddy Buying Buddy IDX CRM buying-buddy-idx-crm allows Object Injection.This issue affects Buying Buddy IDX CRM: from n/a through <= 1.2.8.

Cross-Site Request Forgery (CSRF) vulnerability in aaronrobbins Post Ideas post-ideas allows SQL Injection.This issue affects Post Ideas: from n/a through <= 2.

Cross-Site Request Forgery (CSRF) vulnerability in docxpresso Document & Data Automation document-data-automation allows Stored XSS.This issue affects Document & Data Automation: from n/a through <= 1.6.1.

Cross-Site Request Forgery (CSRF) vulnerability in Astoundify Jobify jobify allows Cross Site Request Forgery.This issue affects Jobify: from n/a through < 4.3.0.

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make non-logged in users execute an XSS payload via a CSRF att…

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack

The wp-affiliate-platform WordPress plugin before 6.5.2 does not have CSRF check in place when deleting affiliates, which could allow attackers to make a logged in user change delete them via a CSRF attack

The wp-affiliate-platform WordPress plugin before 6.5.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in user change them via a CSRF attack

The Photo Gallery, Images, Slider in Rbs Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.19. This is due to missing or incorrect nonce validation on the 'rbs_ajax_cre…

WeGIA v3.2.0 was discovered to contain a Cross-Site Request Forgery (CSRF).

A cross-site request forgery (csrf) vulnerability exists in the WEBVIEW-M functionality of Socomec DIRIS Digiware M-70 1.6.9. A specially crafted HTTP request can lead to unauthorized access. An attacker can stage a malicious webpage to tr…

Cross-Site Request Forgery (CSRF) vulnerability in ahmeti Ahmeti Wp Güzel Sözler ahmeti-wp-guzel-sozler allows Cross Site Request Forgery.This issue affects Ahmeti Wp Güzel Sözler: from n/a through <= 4.0.

Cross-Site Request Forgery (CSRF) vulnerability in ITERAS ITERAS iteras allows Stored XSS.This issue affects ITERAS: from n/a through <= 1.8.0.

Cross-Site Request Forgery (CSRF) vulnerability in tranchesdunet Hotlink2Watermark hotlink2watermark allows Stored XSS.This issue affects Hotlink2Watermark: from n/a through <= 0.3.2.

Cross-Site Request Forgery (CSRF) vulnerability in kevmimcc Kevin's kevins-plugin allows Stored XSS.This issue affects Kevin's: from n/a through <= 2.0.0.

Cross-Site Request Forgery (CSRF) vulnerability in rickota Silverlight Video Player smooth-streaming-player allows Stored XSS.This issue affects Silverlight Video Player: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Continue Shopping From Cart continue-shopping-from-cart-page allows Stored XSS.This issue affects Continue Shopping From Cart: from n/a through <= 1.3.

Cross-Site Request Forgery (CSRF) vulnerability in Thomas Hoefter Simple Travel Map simple-travel-map allows Stored XSS.This issue affects Simple Travel Map: from n/a through <= 0.1.

Cross-Site Request Forgery (CSRF) vulnerability in overtrue wp auto top wp-auto-top allows Stored XSS.This issue affects wp auto top: from n/a through <= 2.9.3.

Cross-Site Request Forgery (CSRF) vulnerability in yonisink yPHPlista yphplista allows Stored XSS.This issue affects yPHPlista: from n/a through <= 1.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Eric Teubert Multi Feed Reader multi-feed-reader allows Stored XSS.This issue affects Multi Feed Reader: from n/a through <= 2.2.4.

Cross-Site Request Forgery (CSRF) vulnerability in onigetoc Zajax – Ajax Navigation zajax-ajax-navigation allows Stored XSS.This issue affects Zajax – Ajax Navigation: from n/a through <= 0.4.

Cross-Site Request Forgery (CSRF) vulnerability in ole1986 WP-ISPConfig 3 wp-ispconfig3 allows Stored XSS.This issue affects WP-ISPConfig 3: from n/a through <= 1.5.6.

Cross-Site Request Forgery (CSRF) vulnerability in rockemmusic Favicon My Blog favicon-my-blog allows Stored XSS.This issue affects Favicon My Blog: from n/a through <= 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in acbaltaci Google Plus Share and +1 Button google-plus-share-and-plusone-button allows Stored XSS.This issue affects Google Plus Share and +1 Button: from n/a through <= 1.0.

Cross-Site Request Forgery (CSRF) vulnerability in ronnybull IceStats icestats allows Stored XSS.This issue affects IceStats: from n/a through <= 1.3.

Cross-Site Request Forgery (CSRF) vulnerability in aMiT Post Hits Counter hits-counter allows Reflected XSS.This issue affects Post Hits Counter: from n/a through <= 2.8.23.

Cross-Site Request Forgery (CSRF) vulnerability in RealtyCandy.com RealtyCandy IDX Broker Extended realtycandy-idx-broker-extended allows Stored XSS.This issue affects RealtyCandy IDX Broker Extended: from n/a through <= 1.5.1.

Cross-Site Request Forgery (CSRF) vulnerability in Lars Koudal LinkLaunder SEO linklaunder-seo-plugin allows Stored XSS.This issue affects LinkLaunder SEO: from n/a through <= 0.92.1.

Cross-Site Request Forgery (CSRF) vulnerability in Oliver Lindner Protect Your Content protect-your-content allows Stored XSS.This issue affects Protect Your Content: from n/a through <= 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in plumwd Blizzard Quotes blizzard-quotes allows Stored XSS.This issue affects Blizzard Quotes: from n/a through <= 1.3.

Cross-Site Request Forgery (CSRF) vulnerability in springthistle April's Call Posts aprils-call-posts allows Stored XSS.This issue affects April's Call Posts: from n/a through <= 2.1.1.

Cross-Site Request Forgery (CSRF) vulnerability in wpwox Footer Flyout Widget footer-flyout-widget allows Stored XSS.This issue affects Footer Flyout Widget: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Jamie O Idealien Category Enhancements idealien-category-enhancements allows Stored XSS.This issue affects Idealien Category Enhancements: from n/a through <= 1.2.

Cross-Site Request Forgery (CSRF) vulnerability in Jason Grim Custom Shortcode Sidebars custom-shortcode-sidebars allows Stored XSS.This issue affects Custom Shortcode Sidebars: from n/a through <= 1.2.

Cross-Site Request Forgery (CSRF) vulnerability in Maeve Lander PayPal Responder allows Stored XSS.This issue affects PayPal Responder: from n/a through 1.2.

Cross-Site Request Forgery (CSRF) vulnerability in hakeemnala Build App Online build-app-online allows Cross Site Request Forgery.This issue affects Build App Online: from n/a through <= 1.0.23.

Cross-Site Request Forgery (CSRF) vulnerability in CultBooking CultBooking Hotel Booking Engine cultbooking-booking-engine allows Stored XSS.This issue affects CultBooking Hotel Booking Engine: from n/a through <= 2.1.

Cross-Site Request Forgery (CSRF) vulnerability in Irish_Cathal Out Of Stock Badge out-of-stock-badge allows Cross Site Request Forgery.This issue affects Out Of Stock Badge: from n/a through <= 2.0.

Cross-Site Request Forgery (CSRF) vulnerability in Andrea Pernici Third Party Cookie Eraser third-party-cookie-eraser allows Stored XSS.This issue affects Third Party Cookie Eraser: from n/a through <= 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in P Roy WP Revisions Manager wp-revisions-manager allows Cross Site Request Forgery.This issue affects WP Revisions Manager: from n/a through <= 1.0.2.

Cross-Site Request Forgery (CSRF) vulnerability in FasterThemes FastBook fastbook-responsive-appointment-booking-and-scheduling-system allows Stored XSS.This issue affects FastBook: from n/a through <= 1.1.

Cross-Site Request Forgery (CSRF) vulnerability in Think201 Mins To Read mins-to-read allows Stored XSS.This issue affects Mins To Read: from n/a through <= 1.2.2.

Cross-Site Request Forgery (CSRF) vulnerability in lriaudel Custom Post Type to Map Store cpt-to-map-store allows Stored XSS.This issue affects Custom Post Type to Map Store: from n/a through <= 1.1.0.

Cross-Site Request Forgery (CSRF) vulnerability in pbmacintyre RingCentral Communications rccp-free allows Stored XSS.This issue affects RingCentral Communications: from n/a through <= 1.7.0.

Cross-Site Request Forgery (CSRF) vulnerability in benmoreassynt DancePress (TRWA) dancepress-trwa allows Cross Site Request Forgery.This issue affects DancePress (TRWA): from n/a through <= 3.1.11.

Cross-Site Request Forgery (CSRF) vulnerability in raphaelheide Donate Me donate-me allows Stored XSS.This issue affects Donate Me: from n/a through <= 1.2.5.