Skip to main content
CVE-2023-51683 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Scott Paterson Easy PayPal & Stripe Buy Now Button.8.1. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Easy Paypal Stripe Buy Now Button
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-52223 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in MailerLite MailerLite - WooCommerce integration.0.8. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Mailerlite
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-24705 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Octa Code Accessibility.0.6. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0680 MEDIUM This Month

The WP Private Content Plus plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 3.6. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Wp Private Content Plus
NVD
CVSS 3.1
5.3
EPSS
0.6%
CVE-2024-27948 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in bytesforall Atahualpa.7.24. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Atahualpa
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2023-51533 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Ecwid Ecommerce Ecwid Ecommerce Shopping Cart.12.4. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Ecwid Ecommerce Shopping Cart
NVD
CVSS 3.1
5.4
EPSS
0.1%
CVE-2024-0682 MEDIUM This Month

The Page Restrict plugin for WordPress is vulnerable to information disclosure in all versions up to, and including, 2.5.5. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Pagerestrict
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2024-26450 MEDIUM This Month

An issue exists within Piwigo before v.14.2.0 allowing a malicious user to take over the application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS CSRF Piwigo
NVD GitHub
CVSS 3.1
5.4
EPSS
0.2%
CVE-2024-26016 MEDIUM PATCH This Month

A low privilege authenticated user could import an existing dashboard or chart that they do not have access to and then modify its metadata, thereby gaining ownership of the object. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Apache Superset
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2024-1636 MEDIUM This Month

Potential Cross-Site Scripting (XSS) in the page editing area. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Sitefinity
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2024-1136 MEDIUM PATCH This Month

The Coming Soon Page & Maintenance Mode plugin for WordPress is vulnerable to unauthorized access of data due to an improperly implemented URL check in the wpsm_coming_soon_redirect function in all. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Coming Soon Page Maintenance Mode
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-0975 MEDIUM PATCH This Month

The WordPress Access Control plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.0.13 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Authentication Bypass Information Disclosure WordPress Wordpress Access Control
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-1476 MEDIUM This Month

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6 via the REST API. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure WordPress Authentication Bypass Under Construction Maintenance Mode
NVD VulDB
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-1516 MEDIUM PATCH This Month

The WP eCommerce plugin for WordPress is vulnerable to unauthorized arbitrary post creation due to a missing capability check on the check_for_saas_push() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Wp Ecommerce
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1368 MEDIUM PATCH This Month

The Page Duplicator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the duplicate_dat_page() function in all versions up to, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Page Duplicator
NVD
CVSS 3.1
5.3
EPSS
0.2%
CVE-2024-1965 MEDIUM This Month

Server-Side Request Forgery vulnerability in Haivision's Aviwest Manager and Aviwest Steamhub. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SSRF Maanager Streamhub
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2024-21798 MEDIUM This Month

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wrc 1167Gs2 B Firmware Wrc 1167Gs2H B Firmware Wrc 1167Gst2 Firmware Wrc 2533Gs2 B Firmware +6
NVD
CVSS 3.1
4.8
EPSS
1.3%
CVE-2023-6922 MEDIUM This Month

The Under Construction / Maintenance Mode from Acurax plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.6 via the 'acx_csma_subscribe_ajax'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Information Disclosure Under Construction Maintenance Mode
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-0768 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0431 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-1388 MEDIUM PATCH This Month

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the reset_customizer_options() function in all versions up to, and including,. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Yuki
NVD
CVSS 3.1
4.3
EPSS
0.2%
CVE-2024-0766 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the templates_ajax_request. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass WordPress Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-52226 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Advanced Flamingo.0. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Advanced Flamingo
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1719 MEDIUM PATCH This Month

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 - PayPal & Stripe Add-on all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Paypal Stripe Add On
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1861 MEDIUM PATCH This Month

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Anti Hacker
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0767 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0433 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24702 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pagerestrict
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51692 MEDIUM This Month

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1943 MEDIUM PATCH This Month

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yuki
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0432 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0560 MEDIUM PATCH This Month

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure 3Scale
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-24772 MEDIUM PATCH This Month

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-27315 MEDIUM PATCH This Month

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy