8783 matches found
CVE-2025-14906
Summary: CVE-2025-14906 affects the WP Youtube Video Gallery plugin for WordPress. The WordPress plugin (WP Youtube Video Gallery) is vulnerable to Cross-Site Forgery (CSRF) in all versions up to and including 1.0 due to missing nonce verification on the wpYTVideoGallerySettingSave() function. Th...
CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update
The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...
CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2026-1076
CVE-2026-1076: The Star Review Manager WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) due to missing nonce validation on the settings page. This enables unauthenticated attackers to forge requests to update the plugin’s CSS settings if a site administrator is tricked into per...
CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2026-1076
The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...
CVE-2026-1070
CVE-2026-1070 refers to the WordPress plugin “Alex User Counter” (versions
CVE-2025-14903
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update
The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...
CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update
The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...
CVE-2025-14903 Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
PT-2026-4572
The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs backend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...
PT-2026-4580
The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...
PT-2026-4591
The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the msp admin page function. This makes it possible for unauthenticated attackers to modify plugin settings via a...
PT-2026-4590
The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...
WordPress Plugin Friendly Functions for Welcart – Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
PT-2026-4583
The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...
PT-2026-4600
The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJS RenameSurvey' AJA...
PT-2026-4573
The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...
PT-2026-4581
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...