Live Vulnerability Intelligence

Threat Database

Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.

Total: 10,866
Critical: 0
High: 0
Medium: 10,866
Showing 8621-8640 of 10866 records
Threat Entry Updated 2026-04-08

CVE-2021-4419 - Wp Backgrounds Lite Plugin

The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the ino_save_data() function. This makes it possible for unauthenticated attackers to save meta data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Backgrounds Lite

CVE-2021-4419

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-3369 - About Me 3000 Plugin

The About Me 3000 widget plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 2.2.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

PLUGIN About Me 3000

CVE-2023-3369

MEDIUM CVSS 4.4 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-3202 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_firebase_server_key function. This makes it possible for unauthenticated attackers to update the firebase server key used to push notifications when an order status changes via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mstore Api

CVE-2023-3202

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-3199 - Mstore Api Plugin

The MStore API plugin for WordPress is vulnerable to Cross-Site Request Forgery due to missing nonce validation on the mstore_update_status_order_title function. This makes it possible for unauthenticated attackers to update status order title via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Mstore Api

CVE-2023-3199

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-3011 - Armember Plugin

The ARMember plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 4.0.5. This is due to missing or incorrect nonce validation on the arm_check_user_cap function. This makes it possible for unauthenticated attackers to perform multiple unauthorized actions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Armember

CVE-2023-3011

MEDIUM CVSS 6.5 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-2517 - Metform Elementor Contact Form Builder Plugin

The Metform Elementor Contact Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.2. This is due to missing or incorrect nonce validation on the permalink_setup function. This makes it possible for unauthenticated attackers to change the permalink structure via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. While nonce verification is implemented, verification only takes place when a nonce is provided.

PLUGIN Metform Elementor Contact Form Builder

CVE-2023-2517

MEDIUM CVSS 5.4 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-2869 - Wp Members Plugin

The WP-Members Membership plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the do_field_reorder function in versions up to, and including, 3.4.7.3. This makes it possible for authenticated attackers with subscriber-level access to reorder form elements on login forms.

PLUGIN Wp Members

CVE-2023-2869

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-2562 - Gallery Metabox Plugin

The Gallery Metabox for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the refresh_metabox function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to obtain a list of images attached to a post.

PLUGIN Gallery Metabox

CVE-2023-2562

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2024-11-21

CVE-2023-2561 - Gallery Metabox Plugin

The Gallery Metabox for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the gallery_remove function in versions up to, and including, 1.5. This makes it possible for subscriber-level attackers to modify galleries attached to posts and pages with this plugin.

PLUGIN Gallery Metabox

CVE-2023-2561

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4417 - Custom Form Builder Plugin

The Forminator – Contact Form, Payment Form & Custom Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.13.4. This is due to missing or incorrect nonce validation on the listen_for_saving_export_schedule() function. This makes it possible for unauthenticated attackers to export form submissions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Custom Form Builder

CVE-2021-4417

MEDIUM CVSS 5.4 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4416 - Wp Mpdf Plugin

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdf_admin_savepost() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Mpdf

CVE-2021-4416

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4415 - Sunshine Photo Cart Plugin

The Sunshine Photo Cart plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.8.28. This is due to missing or incorrect nonce validation on the sunshine_products_quicksave_post() function. This makes it possible for unauthenticated attackers to save custom post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Sunshine Photo Cart

CVE-2021-4415

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4414 - Abandoned Cart Lite For Woocommerce Plugin

The Abandoned Cart Lite for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 5.8.5. This is due to missing or incorrect nonce validation on the wcal_preview_emails() function. This makes it possible for unauthenticated attackers to generate email preview templates via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Abandoned Cart Lite For Woocommerce

CVE-2021-4414

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4413 - Process Steps Template Designer Plugin

The Process Steps Template Designer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.1. This is due to missing or incorrect nonce validation on the save() function. This makes it possible for unauthenticated attackers to save field icons via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Process Steps Template Designer

CVE-2021-4413

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4412 - Wp Prayer Plugin

The WP Prayer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.6.5. This is due to missing or incorrect nonce validation on the save() and export() functions. This makes it possible for unauthenticated attackers to save plugin settings and trigger a data export via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Prayer

CVE-2021-4412

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4411 - Wp Easy Pay Plugin

The WP EasyPay – Square for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.0. This is due to missing or incorrect nonce validation on the wpep_download_transaction_in_excel() function. This makes it possible for unauthenticated attackers to trigger a transactions download via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Wp Easy Pay

CVE-2021-4411

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4410 - Qtranslate Slug Plugin

The Qtranslate Slug plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.18. This is due to missing or incorrect nonce validation on the save_postdata() function. This makes it possible for unauthenticated attackers to save post data via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Qtranslate Slug

CVE-2021-4410

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4409 - Woocommerce Etsy Integration Plugin

The WooCommerce Etsy Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.3.1. This is due to missing or incorrect nonce validation on the etcpf_delete_feed() function. This makes it possible for unauthenticated attackers to delete an export feed via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Woocommerce Etsy Integration

CVE-2021-4409

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4408 - Dw Question Answer Plugin

The DW Question & Answer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.5.8. This is due to missing or incorrect nonce validation on the update_answer() function. This makes it possible for unauthenticated attackers to update answers to questions via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Dw Question Answer

CVE-2021-4408

MEDIUM CVSS 4.3 2023-07-12
Threat Entry Updated 2026-04-08

CVE-2021-4407 - Custom Banners Plugin

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields() function. This makes it possible for unauthenticated attackers to save custom fields via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

PLUGIN Custom Banners

CVE-2021-4407

MEDIUM CVSS 4.3 2023-07-12