CVE-2025-24716
- EPSS 0.03%
- Veröffentlicht 24.01.2025 18:15:45
- Zuletzt bearbeitet 24.01.2025 18:15:45
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.
CVE-2024-3478
- EPSS 0.07%
- Veröffentlicht 02.05.2024 06:15:51
- Zuletzt bearbeitet 08.05.2025 17:55:28
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks
CVE-2023-4318
- EPSS 0.07%
- Veröffentlicht 11.09.2023 20:15:12
- Zuletzt bearbeitet 23.04.2025 17:16:43
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
CVE-2023-4022
- EPSS 0.09%
- Veröffentlicht 11.09.2023 20:15:11
- Zuletzt bearbeitet 23.04.2025 17:16:40
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
CVE-2023-2362
- EPSS 0.12%
- Veröffentlicht 12.06.2023 18:15:09
- Zuletzt bearbeitet 05.05.2025 16:15:35
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button Word...