8782 matches found

Vulnrichment
added 2026/02/05 9:13 a.m. | 5 views

CVE-2025-14079 ELEX WordPress HelpDesk & Customer Ticketing System <= 3.3.5 - Missing Authorization to Authenticated (Subscriber+) Settings Update

The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.3.5. This is due to missing capability checks on the ehcrmticketgeneral function combined with a shared nonce that is exposed to low-privileg...

5.3 CVSS | 5.4 AI score | 0.00268 EPSS
Exploits: 0 | References: 3

NVD
added 2026/02/04 9:15 a.m. | 10 views

CVE-2026-0679

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3 CVSS | 0.00345 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/02/04 8:25 a.m. | 8 views

EUVD-2026-5411

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3 CVSS | 5.5 AI score | 0.00345 EPSS
Exploits: 0 | References: 3

Cvelist
added 2026/02/04 8:25 a.m. | 29 views

CVE-2026-0679 Fortis for WooCommerce <= 1.2.0 - Missing Authorization to Unauthenticated Arbitrary Order Status Update to Paid via 'wc-api' Endpoint

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3 CVSS | 0.00345 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/04 8:25 a.m. | 5 views

CVE-2026-0679

The Fortis for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to an inverted nonce check in the 'checkfortisnotifyresponse' function in all versions up to, and including, 1.2.0. This makes it possible for unauthenticated attackers to update arbitrary WooCommerce order...

5.3 CVSS | 5.5 AI score | 0.00345 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/02/04 12:0 a.m. | 12 views

PT-2026-6018

Name of the Vulnerable Software and Affected Versions: Fortis for WooCommerce versions up to and including 1.2.0. Description: The Fortis for WooCommerce plugin for WordPress has an authorization bypass issue because of an incorrect nonce check within the check fortis notify response function. This...

5.3 CVSS | 5.4 AI score | 0.00345 EPSS
Exploits: 0 | References: 5

CVE
added 2026/02/03 6:38 a.m. | 24 views

CVE-2026-1447

Summary: The Mail Mint plugin for WordPress (versions ≤ 1.19.2) is affected by a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the create_or_update_note function. This can allow unauthenticated attackers to create or update contact notes by tricking an administrator, with t...

5.4 CVSS | 5.3 AI score | 0.00162 EPSS
Exploits: 0 | References: 6

EUVD
added 2026/02/03 6:38 a.m. | 8 views

EUVD-2026-5291

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4 CVSS | 5.3 AI score | 0.00162 EPSS
Exploits: 0 | References: 6

Vulnrichment
added 2026/02/03 6:38 a.m. | 6 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4 CVSS | 5.3 AI score | 0.00162 EPSS
Exploits: 0 | References: 6

Cvelist
added 2026/02/03 6:38 a.m. | 27 views

CVE-2026-1447 Mail Mint <= 1.19.2 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4 CVSS | 0.00162 EPSS
Exploits: 0 | References: 6

ATTACKERKB
added 2026/02/03 6:38 a.m. | 6 views

CVE-2026-1447

The Mail Mint plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.19.2. This is due to missing nonce validation on the create_or_update_note function. This makes it possible for unauthenticated attackers to create or update contact notes via a...

5.4 CVSS | 5.3 AI score | 0.00162 EPSS
Exploits: 0 | References: 7

RedhatCVE
added 2026/02/01 3:19 p.m. | 7 views

CVE-2026-1165

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 1

Packet Storm News
added 2026/02/01 12:0 a.m. | 5 views

Sleep Reveals the Nonce: Breaking ECDSA Using Sleep-Based Power Side-Channel Vulnerability

Security of Elliptic Curve Digital Signature Algorithm (ECDSA) depends on the secrecy of the per-signature nonce. Even partial nonce leakage can expose the long-term private key through lattice-based cryptanalysis. In this paper, we introduce a previously unexplored power side-channel vulnerability...

5.4 AI score
Exploits: 0

NVD
added 2026/01/31 3:15 p.m. | 13 views

CVE-2026-1165

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3 CVSS | 0.00165 EPSS
Exploits: 0 | References: 4

EUVD
added 2026/01/31 2:22 p.m. | 6 views

EUVD-2026-5054

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 4

Vulnrichment
added 2026/01/31 2:22 p.m. | 5 views

CVE-2026-1165 Popup Box <= 6.1.1 - Cross-Site Request Forgery to Popup Status Change

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3 CVSS | 5.3 AI score | 0.00165 EPSS
Exploits: 0 | References: 4

ATTACKERKB
added 2026/01/31 2:22 p.m. | 5 views

CVE-2026-1165

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This mak...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 5

CVE
added 2026/01/31 2:22 p.m. | 27 views

CVE-2026-1165

CVE-2026-1165 affects Popup Box for WordPress up to version 6.1.1. The vulnerability is a Cross-Site Request Forgery due to a flawed nonce implementation in publish_unpublish_popupbox that validates a self-created nonce instead of the request nonce, enabling unauthenticated attackers to change po...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 4

Positive Technologies
added 2026/01/31 12:0 a.m. | 10 views

PT-2026-5544

The Popup Box plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.1.1. This is due to a flawed nonce implementation in the 'publish_unpublish_popupbox' function that verifies a self-created nonce rather than one submitted in the request. This...

4.3 CVSS | 5.8 AI score | 0.00165 EPSS
Exploits: 0 | References: 5

RedhatCVE
added 2026/01/29 3:19 p.m. | 13 views

CVE-2025-14616

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3 CVSS | 5.8 AI score | 0.00128 EPSS
Exploits: 0 | References: 1