CVE Catalog
Browse the latest Common Vulnerabilities and Exposures (CVEs) with CVSS scores, affected products, and next-gen risk scores.
WordPress Mesmerize Theme Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress Mesmerize theme, specifically in versions through 1.6.120. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Rara Theme Elegant Pink Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rara Theme Elegant Pink, affecting versions through 1.3.0. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Rara Theme JobScout Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rara Theme JobScout, specifically in versions through 1.1.4. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Coachify WordPress Theme Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Coachify WordPress theme, specifically in versions through 1.0.7. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Rara Theme Preschool and Kindergarten Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rara Theme Preschool and Kindergarten theme for WordPress, specifically in versions through 1.2.1. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Blossom Themes Blossom Shop Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Blossom Shop WordPress theme, affecting versions through 1.1.7. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Freshlight Lab WP Mobile Menu Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Freshlight Lab WP Mobile Menu plugin for WordPress, affecting versions through 2.8.4.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WP Travel Engine Travel Monster Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WP Travel Engine Travel Monster theme, affecting versions through 1.1.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Blossom Themes Vandana Lite Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Blossom Themes Vandana Lite WordPress theme, specifically in versions through 1.1.9. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Automattic Newspack Newsletters Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Automattic Newspack Newsletters plugin for WordPress, affecting versions through 2.13.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Faboba Falang Multilanguage WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Faboba Falang multilanguage WordPress plugin, affecting versions through 1.3.51. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
WPAdverts Classifieds Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WPAdverts Classifieds Plugin for WordPress, affecting versions through 2.1.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Loco Translate WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Loco Translate WordPress plugin, specifically in versions through 2.6.9. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Groundhogg WordPress Plugin Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Groundhogg WordPress plugin, specifically in versions through 3.4.2.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Rara Theme Chic Lite Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rara Theme Chic Lite, specifically in versions through 1.1.3. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Rara Theme Education Zone Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Rara Theme Education Zone, affecting versions through 1.3.4. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
Blossom Themes Vilva Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the Blossom Themes Vilva WordPress theme, specifically in versions through 1.2.2. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
StylemixThemes MasterStudy LMS Cross-Site Request Forgery Vulnerability
A Cross-Site Request Forgery (CSRF) vulnerability exists in the WordPress MasterStudy LMS plugin, affecting versions through 3.2.1. This vulnerability allows attackers to trick users with higher privileges into performing actions they did not intend to.
D-Link DIR-816 A2 ACL Handler Improper Access Control Vulnerability
A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue resides in the ACL Handler component, within the file '/goform/form2LocalAclEditcfg.cgi'. The flaw results in improper access controls and can be exploited remotely.
D-Link DIR-816 A2 IP QoS Handler Access Control Vulnerability
A critical vulnerability has been identified in the D-Link DIR-816 A2 router, specifically in version 1.10CNB05_R1B011D88210. The issue arises from improper access controls in the IP QoS Handler component, particularly within the file '/goform/form2IPQoSTcAdd'. This vulnerability allows for unauthorized access and manipulation, and can be exploited remotely.
Themefic Ultimate Addons for Contact Form 7 Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in Themefic Ultimate Addons for Contact Form 7, specifically in versions through 3.2.6. This vulnerability allows exploitation of improperly configured access control, potentially enabling unauthorized users to perform actions reserved for higher privileges.
Flothemes Flo Forms Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the Flothemes Flo Forms WordPress plugin, specifically in versions through 1.0.41. This vulnerability allows exploitation of improperly configured access control security levels, potentially enabling users to perform actions reserved for higher privileges.
Toast Plugins Animator Missing Authorization Vulnerability Allowing Unauthenticated Access Control Changes
A missing authorization vulnerability has been identified in the Toast Plugins Animator WordPress plugin, affecting versions through 3.0.10. This vulnerability allows unauthenticated users to exploit improperly configured access control settings, potentially leading to unauthorized changes in plugin settings.
Dragfy Addons for Elementor Missing Authorization Vulnerability
A broken access control vulnerability has been identified in the Dragfy Addons for Elementor WordPress plugin, affecting versions through 1.0.2. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
WordPress EazyDocs Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WordPress EazyDocs plugin, specifically in versions through 2.3.5. This vulnerability allows exploitation of improperly configured access control security levels, potentially leading to unauthorized actions by users with lower privileges.
WordPress BadgeOS Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WordPress BadgeOS plugin, specifically in versions through 3.7.1.6. This vulnerability allows unprivileged users to exploit improperly configured access control, potentially leading to unauthorized actions that require higher privileges.
WordPress Visitors Traffic Real Time Statistics Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress Visitors Traffic Real Time Statistics Plugin, affecting versions through 7.2. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
Ecreate Infotech Auto Tag Creator Missing Authorization Vulnerability
A broken access control vulnerability has been identified in the Ecreate Infotech Auto Tag Creator WordPress plugin, affecting versions through 1.0.2. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.
Seers WordPress Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the Seers WordPress plugin, specifically in versions through 8.1.1. This vulnerability arises from incorrectly configured access control security levels, allowing unprivileged users to perform actions reserved for higher privileges.
CoCart Headless Ecommerce Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the CoCart Headless Ecommerce WordPress plugin, affecting versions through 3.11.2. This vulnerability allows exploitation of incorrectly configured access control security levels, potentially leading to unauthorized users performing actions reserved for higher privileges.
KaizenCoders Short URL Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the KaizenCoders Short URL WordPress plugin, affecting versions through 1.6.8. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
WP Travel Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WP Travel WordPress plugin, affecting versions through 7.8.0. This vulnerability arises from incorrectly configured access control, allowing unprivileged users to perform actions reserved for higher privileges.
PressTigers Simple Job Board Missing Authorization Vulnerability Allowing Access Control Exploitation
A broken access control vulnerability has been identified in the PressTigers Simple Job Board plugin for WordPress, affecting versions through 2.10.5. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
WordPress Animated Rotating Words Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress Animated Rotating Words plugin, affecting versions through 5.4. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.
GiveWP Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the GiveWP WordPress plugin, affecting versions through 2.33.1. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
WordPress Finale Lite Plugin Missing Authorization Vulnerability Allowing Arbitrary Content Deletion
A missing authorization vulnerability exists in the WordPress Finale Lite plugin, specifically in versions through 2.16.0. It stems from incorrectly configured access control security levels and allows arbitrary content deletion. An unauthenticated user could potentially delete various types of content from a website, such as posts, pages, or media.
ByConsole WooODT Lite Missing Authorization Vulnerability Allowing Access Control Exploitation
A broken access control vulnerability has been identified in the ByConsole WooODT Lite plugin for WordPress, affecting versions through 2.4.6. This vulnerability arises from missing authorization checks, which can be exploited by users with lower privileges to perform actions reserved for higher-privileged users.
WP CTA PRO WordPress Plugin Missing Authorization Vulnerability Allowing Broken Access Control
A broken access control vulnerability has been identified in the WP CTA PRO WordPress plugin, specifically in versions through 1.5.8. This vulnerability arises from missing authorization checks, which can be exploited by users to perform actions that require higher privileges.
WordPress kk Star Ratings Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress kk Star Ratings plugin, affecting versions through 5.4.5. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
WordPress Generate Dummy Posts Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress Generate Dummy Posts plugin, specifically in versions through 1.0.0. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions intended for higher-privileged users.
YITH WooCommerce Product Add-Ons Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the YITH WooCommerce Product Add-Ons plugin, affecting versions through 4.2.0. This vulnerability arises from incorrectly configured access control, which can be exploited to perform actions without the necessary permissions.
TCBarrett WordPress Glossary Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the TCBarrett WordPress Glossary plugin, affecting versions through 3.1.2. This vulnerability arises from missing authorization checks, which can be exploited by unprivileged users to perform actions reserved for higher privileges.
David Cramer My Shortcodes Plugin Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the David Cramer My Shortcodes WordPress plugin, affecting versions through 2.3. This vulnerability arises from improperly configured access control security levels, which could allow an unprivileged user to perform actions reserved for higher privileges.
WordPress Product Recommendation Quiz for eCommerce Broken Access Control Vulnerability
A missing authorization vulnerability has been identified in the WordPress Product Recommendation Quiz for eCommerce plugin, affecting versions through 2.1.2. This vulnerability allows exploitation of improperly configured access control, enabling unprivileged users to perform actions reserved for higher privileges.
RedLettuce Plugins WP Word Count Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the RedLettuce WP Word Count plugin, affecting versions through 3.2.4. This vulnerability arises from missing authorization checks, which can be exploited by users with lower privileges to perform actions reserved for higher-privileged users.
NSquared Draw Attention Missing Authorization Vulnerability Allowing Broken Access Control
A broken access control vulnerability has been identified in the NSquared Draw Attention WordPress plugin, affecting versions through 2.0.15. This vulnerability arises from missing authorization checks, which could allow an unprivileged user to perform actions reserved for higher privileges.
Codedrafty Mediabay Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the Codedrafty Mediabay WordPress plugin, affecting versions through 1.6. This vulnerability arises from incorrectly configured access control security levels, which can be exploited to perform actions reserved for higher-privileged users.
YOP Poll Authentication Bypass Vulnerability
An authentication bypass vulnerability has been identified in the YOP Poll WordPress plugin, affecting versions through 6.5.28. This vulnerability allows unauthorized users to bypass authentication mechanisms, potentially leading to actions that should be restricted to higher-privileged users.
Quill Forms Missing Authorization Vulnerability Allowing Broken Access Control
A missing authorization vulnerability has been identified in the Quill Forms WordPress plugin, specifically in versions through 3.3.0. This vulnerability allows exploitation of incorrectly configured access control security levels, leading to broken access control issues.
WordPress FeedFocal Plugin Broken Access Control Vulnerability
A broken access control vulnerability has been identified in the WordPress FeedFocal plugin, affecting versions through 1.2.2. This vulnerability arises from missing authorization checks, allowing unprivileged users to perform actions reserved for higher privileges.
