Security
Headlines
HeadlinesLatestCVEs

Tag

#wordpress

CVE-2023-47551: WordPress Donations Made Easy – Smart Donations plugin <= 4.0.12 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in RedNao Donations Made Easy – Smart Donations.This issue affects Donations Made Easy – Smart Donations: from n/a through 4.0.12.

CVE
Open in Source
#csrf#vulnerability#wordpress#auth
CVE-2023-47243: WordPress MSHOP MY SITE plugin <= 1.1.6 - Broken Access Control vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in CodeMShop ???? ????? – MSHOP MY SITE.This issue affects ???? ????? – MSHOP MY SITE: from n/a through 1.1.6.

CVE-2023-47667: WordPress WP Full Stripe Free plugin <= 1.6.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Mammothology WP Full Stripe Free.This issue affects WP Full Stripe Free: from n/a through 1.6.1.

CVE-2023-47666: WordPress Code Snippets plugin <= 3.5.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Code Snippets Pro Code Snippets.This issue affects Code Snippets: from n/a through 3.5.0.

CVE-2023-47671: WordPress Vertical scroll recent post plugin <= 14.0 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy Vertical scroll recent.This issue affects Vertical scroll recent post: from n/a through 14.0.

CVE-2023-47664: WordPress Plainview Protect Passwords plugin <= 1.4 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview Plainview Protect Passwords.This issue affects Plainview Protect Passwords: from n/a through 1.4.

CVE-2023-47672: WordPress WP Category Post List Widget plugin <= 2.0.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Swashata WP Category Post List Widget.This issue affects WP Category Post List Widget: from n/a through 2.0.3.

CVE-2023-47685: WordPress Preloader Matrix plugin <= 2.0.1 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Lukman Nakib Preloader Matrix.This issue affects Preloader Matrix: from n/a through 2.0.1.

CVE-2023-47670: WordPress Korea SNS plugin <= 1.6.3 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Jongmyoung Kim Korea SNS.This issue affects Korea SNS: from n/a through 1.6.3.

CVE-2023-6187: Paid Memberships Pro <= 2.12.3 - Authenticated (Subscriber+) Arbitrary File Upload — Wordfence Intelligence

The Paid Memberships Pro plugin for WordPress is vulnerable to arbitrary file uploads to insufficient file type validation in the 'pmpro_paypalexpress_session_vars_for_user_fields' function in versions up to, and including, 2.12.3. This makes it possible for authenticated attackers with subscriber privileges or above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This can be exploited if 2Checkout (deprecated since version 2.6) or PayPal Express is set as the payment method and a custom user field is added that is only visible at profile, and not visible at checkout according to its settings.