Skip to main content
CVE-2023-28364 MEDIUM POC This Month

An Open Redirect vulnerability exists prior to version 1.52.117, where the built-in QR scanner in Brave Browser Android navigated to scanned URLs automatically without showing the URL first. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect Browser
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-4394 MEDIUM POC PATCH This Month

The Locations plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Locations
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4388 MEDIUM POC This Month

The Opal Estate plugin for WordPress is vulnerable to featured property modifications in versions up to, and including, 1.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass WordPress Opal Estate
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4387 MEDIUM POC This Month

The Opal Estate plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Opal Estate
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36735 MEDIUM POC PATCH This Month

The WP ERP | Complete HR solution with recruitment & job listings | WooCommerce CRM & Accounting plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Wp Erp
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36739 MEDIUM POC PATCH This Month

The Feed Them Social - Page, Post, Video, and Photo Galleries plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Feed Them Social
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36738 MEDIUM POC PATCH This Month

The Cool Timeline (Horizontal & Vertical Timeline) plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Cool Timeline
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4390 MEDIUM POC This Month

The Contact Form 7 Style plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress CSRF Contact Form 7 Style
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36737 MEDIUM POC PATCH This Month

The Import / Export Customizer Settings plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Import Export Customizer Settings
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36736 MEDIUM POC PATCH This Month

The WooCommerce Checkout & Funnel Builder by CartFlows plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.15. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Cartflows
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36749 MEDIUM POC PATCH This Month

The Easy Testimonials plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Easy Testimonials
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36748 MEDIUM POC PATCH This Month

The Dokan plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.8. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Dokan
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36747 MEDIUM POC PATCH This Month

The Lightweight Sidebar Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Lightweight Sidebar Manager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36746 MEDIUM POC PATCH This Month

The Menu Swapper plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.0.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Menu Swapper
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4393 MEDIUM POC PATCH This Month

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.0.17. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ecommerce Product Catalog
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4392 MEDIUM POC PATCH This Month

The eCommerce Product Catalog Plugin for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.9.43. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ecommerce Product Catalog
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4391 MEDIUM POC PATCH This Month

The Ultimate Gift Cards for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Ultimate Gift Cards For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4389 MEDIUM POC PATCH This Month

The WP Travel plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.4.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

WordPress CSRF Wp Travel
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4402 MEDIUM PATCH This Month

The Multiple Roles plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Multiple Roles
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4405 MEDIUM PATCH This Month

The ElasticPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.3. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Elasticpress
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4386 MEDIUM This Month

The WP Security Question plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Security Questions
NVD VulDB
CVSS 3.1
4.3
EPSS
0.2%
CVE-2021-4385 MEDIUM This Month

The WP Private Content Plus plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Private Content Plus
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4399 MEDIUM PATCH This Month

The Edwiser Bridge plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including,2.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Bridge
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4398 MEDIUM PATCH This Month

The Amministrazione Trasparente plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 7.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Amministrazione Trasparente
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4404 MEDIUM PATCH This Month

The Event Espresso 4 Decaf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.10.11. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Event Espresso 4 Decaf
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4403 MEDIUM PATCH This Month

The Remove Schema plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Remove Schema
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4397 MEDIUM PATCH This Month

The Staff Directory Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Staff Directory Plugin
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4396 MEDIUM PATCH This Month

The Rucy plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 0.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Rucy
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4384 MEDIUM This Month

The WordPress Photo Gallery - Image Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.6. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Photo Contest
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36745 MEDIUM This Month

The WP Project Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Wp Project Manager
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36740 MEDIUM This Month

The Radio Buttons for Taxonomies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.0.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Radio Buttons For Taxonomies
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4400 MEDIUM PATCH This Month

The Better Search plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Better Search
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2021-4395 MEDIUM PATCH This Month

The Abandoned Cart Recovery for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Abandoned Cart Recovery For Woocommerce
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36744 MEDIUM This Month

The NotificationX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.8.2. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Notificationx
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36743 MEDIUM This Month

The Product Catalog Simple plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.13. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Product Catalog Simple
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36742 MEDIUM This Month

The Custom Field Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.5.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Custom Field Template
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%
CVE-2020-36741 MEDIUM This Month

The MultiVendorX plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.7. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Multivendorx
NVD VulDB
CVSS 3.1
4.3
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy