The Button Generator WordPress plugin before 3.0 does not have CSRF check in place when bulk deleting, which could allow attackers to make a logged in admin delete buttons via a CSRF attack. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
CSRF
Button Generator
NVD
WPScan
CVSS 3.1
3.4
EPSS
0.2%
Wagtail is an open source content management system built on Django. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
Authentication Bypass
Python
NVD
GitHub
CVSS 3.1
2.7
EPSS
0.5%