CVE-2025-24716
- EPSS 0.03%
- Published 24.01.2025 18:15:45
- Last modified 24.01.2025 18:15:45
Cross-Site Request Forgery (CSRF) vulnerability in Wow-Company Herd Effects allows Cross Site Request Forgery. This issue affects Herd Effects: from n/a through 6.2.1.
CVE-2024-3478
- EPSS 0.07%
- Published 02.05.2024 06:15:51
- Last modified 08.05.2025 17:55:28
The Herd Effects WordPress plugin before 5.2.7 does not have CSRF checks in some bulk actions, which could allow attackers to make logged in admins perform unwanted actions, such as deleting effects via CSRF attacks
CVE-2023-4318
- EPSS 0.07%
- Published 11.09.2023 20:15:12
- Last modified 23.04.2025 17:16:43
The Herd Effects WordPress plugin before 5.2.4 does not have CSRF when deleting its items, which could allow attackers to make logged in admins delete arbitrary effects via a CSRF attack
CVE-2023-4022
- EPSS 0.09%
- Published 11.09.2023 20:15:11
- Last modified 23.04.2025 17:16:40
The Herd Effects WordPress plugin before 5.2.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallow...
CVE-2023-2362
- EPSS 0.12%
- Published 12.06.2023 18:15:09
- Last modified 05.05.2025 16:15:35
The Float menu WordPress plugin before 5.0.2, Bubble Menu WordPress plugin before 3.0.4, Button Generator WordPress plugin before 2.3.5, Calculator Builder WordPress plugin before 1.5.1, Counter Box WordPress plugin before 1.2.2, Floating Button Word...