3 matches found
CVE-2026-11775
The User Admin Simplifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.0.0. This is due to missing or incorrect nonce validation on the useradminsimplifieroptionspage function. This makes it possible for unauthenticated attackers to rese...
CVE-2026-34382
Admidio is an open-source user management solution. From version 5.0.0 to before version 5.0.8, the delete mode handler in mylistfunction.php permanently deletes list configurations without validating a CSRF token. An attacker who can lure an authenticated user to a malicious page can silently...
CVE-2022-36887
A cross-site request forgery CSRF vulnerability in Jenkins Job Configuration History Plugin 1155.v28a46acc06a5 and earlier allows attackers to delete entries from job, agent, and system configuration history, or restore older versions of job, agent, and system configurations...