Lucene search
K

8783 matches found

CVE
CVE
added 2026/01/24 7:26 a.m.13 views

CVE-2025-14906

Summary: CVE-2025-14906 affects the WP Youtube Video Gallery plugin for WordPress. The WordPress plugin (WP Youtube Video Gallery) is vulnerable to Cross-Site Forgery (CSRF) in all versions up to and including 1.0 due to missing nonce verification on the wpYTVideoGallerySettingSave() function. Th...

4.3CVSS5.5AI score0.00132EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.29 views

CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.3 views

CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.8AI score0.00132EPSS
Exploits0References2
CVE
CVE
added 2026/01/24 7:26 a.m.14 views

CVE-2026-1076

CVE-2026-1076: The Star Review Manager WordPress plugin is vulnerable to Cross-Site Request Forgery (CSRF) due to missing nonce validation on the settings page. This enables unauthenticated attackers to forge requests to update the plugin’s CSS settings if a site administrator is tricked into per...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.29 views

CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS0.00132EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.4 views

CVE-2026-1076

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References4
CVE
CVE
added 2026/01/24 7:26 a.m.10 views

CVE-2026-1070

CVE-2026-1070 refers to the WordPress plugin “Alex User Counter” (versions

4.3CVSS5.5AI score0.00158EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/01/24 7:26 a.m.3 views

CVE-2025-14903

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.32 views

CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.5 views

CVE-2026-1070 Alex User Counter <= 6.0 - Cross-Site Request Forgery to Settings Update

The Alex User Counter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0. This is due to missing nonce validation on the alexusercounterfunction function. This makes it possible for unauthenticated attackers to update the plugin settings via...

4.3CVSS5.8AI score0.00158EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/01/24 7:26 a.m.4 views

CVE-2025-14903 Simple Crypto Shortcodes <= 1.0.2 - Cross-Site Request Forgery to Plugin Settings Update

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scsbackend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4572

The Simple Crypto Shortcodes plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0.2. This is due to missing nonce validation on the scs backend function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4580

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS5.5AI score0.00158EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.6 views

PT-2026-4591

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the msp admin page function. This makes it possible for unauthenticated attackers to modify plugin settings via a...

4.3CVSS5.5AI score0.00107EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.7 views

PT-2026-4590

The AdminQuickbar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9.3. This is due to missing or incorrect nonce validation on the 'saveSettings' and 'renamePost' AJAX actions. This makes it possible for unauthenticated attackers to modify...

4.3CVSS5.5AI score0.0016EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/01/24 12:0 a.m.4 views

WordPress Plugin Friendly Functions for Welcart – Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

4.3CVSS5.7AI score0.0016EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.9 views

PT-2026-4583

The Login Page Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the devotion loginform process AJAX action. This makes it possible for unauthenticated attackers to update the plugin's logi...

4.3CVSS5.4AI score0.00154EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.8 views

PT-2026-4600

The SurveyJS: Drag & Drop WordPress Form Builder to create, style and embed multiple forms of any complexity plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce verification on the 'SurveyJS RenameSurvey' AJA...

4.3CVSS5.3AI score0.0013EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.7 views

PT-2026-4573

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS5.5AI score0.00132EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/01/24 12:0 a.m.25 views

PT-2026-4581

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

4.3CVSS5.5AI score0.00155EPSS
Exploits0References4
Rows per page
Query Builder