Lucene search
K

8783 matches found

Vulnrichment
Vulnrichment
added 2026/01/24 8:26 a.m.4 views

CVE-2025-14907 Moderate Selected Posts <= 1.4 - Cross-Site Request Forgery to Plugin Settings Update

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References2
CVE
CVE
added 2026/01/24 8:26 a.m.10 views

CVE-2025-14907

CVE-2025-14907 – Moderate Selected Posts (WordPress) CSRF vulnerability : The WordPress plugin is vulnerable in versions up to 1.4 due to missing nonce verification in the msp_admin_page() function. This enables unauthenticated attackers to modify plugin settings through forged requests if a site...

4.3CVSS5.5AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/01/24 8:16 a.m.4 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.9 views

CVE-2026-1081

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS0.00155EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.8 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS0.00191EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.6 views

CVE-2026-1070

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS0.00158EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.5 views

CVE-2025-14903

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS0.00155EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 8:16 a.m.5 views

CVE-2025-14906

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.34 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS0.00154EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2026-1088

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1088 Login Page Editor <= 1.2 - Cross-Site Request Forgery to Settings Update

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotionloginformprocess AJAX action. This makes it possible for unauthenticated attackers to update the plugin's login...

4.3CVSS5.8AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 7:26 a.m.10 views

CVE-2026-1088

CVE-2026-1088 affects the WordPress plugin Login Page Editor (≤1.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation on the devotion_loginform_process() AJAX action, enabling unauthenticated attackers to update login-page settings if a site administrator is tricke...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References3
CVE
CVE
added 2026/01/24 7:26 a.m.19 views

CVE-2026-1075

CVE-2026-1075 – ZT Captcha (WordPress) : The WordPress plugin is vulnerable to Cross-Site Forgery (CSRF) in all versions up to 1.0.4 due to improper nonce validation on the save_ztcpt_captcha_settings action. This allows unauthenticated attackers to modify plugin settings via a forged request if ...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.6 views

CVE-2026-1081

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.15 views

CVE-2026-1081

CVE-2026-1081 concerns the WordPress plugin Set Bulk Post Categories, affected

4.3CVSS5.5AI score0.00155EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.34 views

CVE-2026-1081 Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS0.00155EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1075

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.4 views

CVE-2026-1081 Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1075 ZT Captcha <= 1.0.4 - Cross-Site Request Forgery to Settings Update

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the saveztcptcaptchasettings action where the nonce check can be bypassed by sending an empty token value. This makes it possibl...

4.3CVSS5.8AI score0.00191EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.4 views

CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Rows per page
Query Builder