Lucene search
K

8782 matches found

RedhatCVE
RedhatCVE
added 2026/01/25 9:16 a.m.11 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References1
NVD
NVD
added 2026/01/24 9:15 a.m.5 views

CVE-2025-14630

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS0.0016EPSS
Exploits0References5
NVD
NVD
added 2026/01/24 9:15 a.m.6 views

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/01/24 9:15 a.m.6 views

CVE-2025-13139

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 9:8 a.m.18 views

CVE-2025-13194

CVE-2025-13194 – SurveyJS WordPress CSRF in Survey Renaming Affected software: SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress (versions

4.3CVSS5.8AI score0.0013EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.5 views

CVE-2025-13194

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...

4.3CVSS5.8AI score0.0013EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 9:8 a.m.19 views

CVE-2026-1208

The CVE-2026-1208 entry concerns the WordPress plugin Friendly Functions for Welcart (versions up to and including 1.2.5). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the plugin settings page, allowing unauthenticated attackers ...

4.3CVSS5.5AI score0.0016EPSS
Exploits1References4
Vulnrichment
Vulnrichment
added 2026/01/24 9:8 a.m.6 views

CVE-2026-1208 Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.8AI score0.0016EPSS
Exploits1References4
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.6 views

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

4.3CVSS5.8AI score0.0016EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/24 9:8 a.m.27 views

CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 9:8 a.m.14 views

CVE-2025-13139

CVE-2025-13139 affects SurveyJS: Drag & Drop WordPress Form Builder (WordPress plugin). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the SurveyJS_AddSurvey AJAX action, allowing unauthenticated attackers to create surveys if a site admin is tricked i...

4.3CVSS5.8AI score0.00126EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 9:8 a.m.4 views

CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...

4.3CVSS5.7AI score0.00126EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 9:8 a.m.3 views

CVE-2025-13139

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...

4.3CVSS5.8AI score0.00126EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 8:26 a.m.10 views

CVE-2025-14630

CVE-2025-14630 (AdminQuickbar

4.3CVSS5.5AI score0.0016EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.5 views

CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.8AI score0.0016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/24 8:26 a.m.5 views

CVE-2025-14630

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.8AI score0.0016EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/01/24 8:26 a.m.29 views

CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS0.0016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/01/24 8:26 a.m.3 views

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 8:26 a.m.34 views

CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS0.00107EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.4 views

CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References2
Rows per page
Query Builder