Skip to main content
CVE-2024-1719 MEDIUM PATCH This Month

The Easy PayPal & Stripe Buy Now Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.3 and in Contact Form 7 - PayPal & Stripe Add-on all. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Paypal Stripe Add On
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1861 MEDIUM PATCH This Month

The Disable Json API, Login Lockdown, XMLRPC, Pingback, Stop User Enumeration Anti Hacker Scan plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Anti Hacker
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0767 MEDIUM This Month

The Envo's Elementor Templates & Widgets for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.4.4. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Envo S Elementor Templates Widgets For Woocommerce Elementor
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0433 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-24702 MEDIUM This Month

Cross-Site Request Forgery (CSRF) vulnerability in Matt Martz & Andy Stratton Page Restrict.5.5. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Pagerestrict
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2023-51692 MEDIUM This Month

Missing Authorization vulnerability in CusRev Customer Reviews for WooCommerce.38.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Customer Reviews For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1943 MEDIUM PATCH This Month

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Request Forgery (CSRF) vulnerability could allow attackers to trick authenticated users into performing unintended actions.

WordPress CSRF Yuki
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0432 MEDIUM This Month

The Gestpay for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 20221130. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress CSRF Gestpay For Woocommerce
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-0560 MEDIUM PATCH This Month

A vulnerability was found in 3Scale, when used with Keycloak 15 (or RHSSO 7.5.0) and superiors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure 3Scale
NVD GitHub
CVSS 3.1
4.3
EPSS
0.5%
CVE-2024-24772 MEDIUM PATCH This Month

A guest user could exploit a chart data REST API and send arbitrary SQL statements that on error could leak information from the underlying analytics database.0.4, from 3.1.0 before 3.1.1. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Apache Superset
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2024-27315 MEDIUM PATCH This Month

An authenticated user with privileges to create Alerts on Alerts & Reports has the capability to generate a specially crafted SQL statement that triggers an error on the database. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Apache Information Disclosure Superset
NVD
CVSS 3.1
4.3
EPSS
1.0%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy