8782 matches found
CVE-2026-1076
The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...
CVE-2025-14630
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-13139
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
CVE-2025-13194
CVE-2025-13194 – SurveyJS WordPress CSRF in Survey Renaming Affected software: SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress (versions
CVE-2025-13194
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJSRenameSurvey' AJAX...
CVE-2026-1208
The CVE-2026-1208 entry concerns the WordPress plugin Friendly Functions for Welcart (versions up to and including 1.2.5). The vulnerability is a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the plugin settings page, allowing unauthenticated attackers ...
CVE-2026-1208 Friendly Functions for Welcart <= 1.2.5 - Cross-Site Request Forgery to Settings Update
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...
CVE-2026-1208
The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...
CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
CVE-2025-13139
CVE-2025-13139 affects SurveyJS: Drag & Drop WordPress Form Builder (WordPress plugin). The vulnerability is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the SurveyJS_AddSurvey AJAX action, allowing unauthenticated attackers to create surveys if a site admin is tricked i...
CVE-2025-13139 SurveyJS: Drag & Drop WordPress Form Builder <= 2.5.2 - Cross-Site Request Forgery to Survey Creation
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to crea...
CVE-2025-13139
The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJSAddSurvey AJAX action. This makes it possible for unauthenticated attackers to...
CVE-2025-14630
CVE-2025-14630 (AdminQuickbar
CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...
CVE-2025-14630
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...
CVE-2025-14630 AdminQuickbar <= 1.9.3 - Cross-Site Request Forgery to Settings Update
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...
CVE-2025-14907
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...
CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...