8787 matches found

Positive Technologies
added 2026/01/15 12:0 a.m., 8 views

PT-2026-3182

GravCMS 1.10.7 contains an unauthenticated vulnerability that allows remote attackers to write arbitrary YAML configuration and execute PHP code through the scheduler endpoint. Attackers can exploit the admin-nonce parameter to inject base64-encoded payloads and create malicious custom jobs with...

CVSS: 9.3, AI score: 8, EPSS: 0.01987
Exploits: 1, References: 4

WPVulnDB
added 2026/01/15 12:0 a.m., 10 views

Dating <= 11.2.0 - Cross-Site Request Forgery

Description The Dating theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

AI score: 5.3, EPSS: 0.00184
Exploits: 0, References: 1

Veracode
added 2026/01/14 8:1 a.m., 6 views

Cryptographic Semantic Binding Flaw

ALTCHA libraries are vulnerable to a cryptographic semantic binding flaw. The vulnerability is due to ambiguous HMAC binding between challenge parameters and the nonce, which allows an attacker to splice or reinterpret a valid proof-of-work submission for example by modifying the expiration value...

CVSS: 6.5, AI score: 5.9, EPSS: 0.00262
Exploits: 0, References: 11, Affected Software: 4

NVD
added 2026/01/14 7:16 a.m., 4 views

CVE-2025-15376

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVSS: 4.3, EPSS: 0.00102
Exploits: 0, References: 2

NVD
added 2026/01/14 7:16 a.m., 8 views

CVE-2025-14846

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS: 4.3, EPSS: 0.00124
Exploits: 0, References: 3

Vulnrichment
added 2026/01/14 6:40 a.m., 2 views

CVE-2025-15376 Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVSS: 4.3, AI score: 5, EPSS: 0.00102
Exploits: 0, References: 2

Cvelist
added 2026/01/14 6:40 a.m., 21 views

CVE-2025-15376 Stopwords for comments <= 1.1 - Missing Authorization to Cross-Site Request Forgery

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'setstopwordsforcomments' and 'deletestopwordsforcomments' functions. This makes it possible for unauthenticated...

CVSS: 4.3, EPSS: 0.00102
Exploits: 0, References: 2

CVE
added 2026/01/14 6:40 a.m., 12 views

CVE-2025-15376

The CVE-2025-15376 entry concerns the WordPress plugin Stopwords for comments, versions up to 1.1. It is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing nonce validation in set_stopwords_for_comments and delete_stopwords_for_comments. This allows unauthenticated attackers to a...

CVSS: 4.3, AI score: 5, EPSS: 0.00102
Exploits: 0, References: 2

CVE
added 2026/01/14 6:40 a.m., 13 views

CVE-2025-14846

The CVE-2025-14846 entry concerns the WordPress SocialChamp plugin (SocialChamp with WordPress) up to version 1.3.3. The issue is a Cross-Site Request Forgery (CSRF) due to missing nonce validation in the wpsc_settings_tab_menu function, allowing unauthenticated attackers to modify plugin setting...

CVSS: 4.3, AI score: 5.8, EPSS: 0.00124
Exploits: 0, References: 3

EUVD
added 2026/01/14 6:40 a.m., 4 views

EUVD-2026-2531

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS: 4.3, AI score: 4.8, EPSS: 0.00124
Exploits: 0, References: 3

Cvelist
added 2026/01/14 6:40 a.m., 25 views

CVE-2025-14846 SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS: 4.3, EPSS: 0.00124
Exploits: 0, References: 3

Vulnrichment
added 2026/01/14 6:40 a.m., 4 views

CVE-2025-14846 SocialChamp with WordPress <= 1.3.5 - Cross-Site Request Forgery to Plugin Settings Update

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.5. This is due to missing nonce validation on the wpscsettingstabmenu function. This makes it possible for unauthenticated attackers to modify plugin settings...

CVSS: 4.3, AI score: 5.7, EPSS: 0.00124
Exploits: 0, References: 3

NVD
added 2026/01/14 6:15 a.m., 6 views

CVE-2025-15377

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS: 4.3, EPSS: 0.0014
Exploits: 0, References: 2

NVD
added 2026/01/14 6:15 a.m., 7 views

CVE-2025-14615

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

CVSS: 7.1, EPSS: 0.00132
Exploits: 0, References: 5

NVD
added 2026/01/14 6:15 a.m., 5 views

CVE-2025-14389

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...

CVSS: 4.3, EPSS: 0.00102
Exploits: 0, References: 2

CVE
added 2026/01/14 5:28 a.m., 16 views

CVE-2025-15377

The CVE-2025-15377 entry describes a Cross-Site Request Forgery in the WordPress plugin Sosh Share Buttons (versions up to and including 1.1.0). The root cause is missing nonce validation in the admin_page_content function, enabling unauthenticated attackers to modify plugin settings via a forged...

CVSS: 4.3, AI score: 4.9, EPSS: 0.0014
Exploits: 0, References: 2

Cvelist
added 2026/01/14 5:28 a.m., 25 views

CVE-2025-15377 Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS: 4.3, EPSS: 0.0014
Exploits: 0, References: 2

Vulnrichment
added 2026/01/14 5:28 a.m., 4 views

CVE-2025-15377 Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS: 4.3, AI score: 4.9, EPSS: 0.0014
Exploits: 0, References: 2

Cvelist
added 2026/01/14 5:28 a.m., 30 views

CVE-2025-14615 DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

CVSS: 7.1, EPSS: 0.00132
Exploits: 0, References: 5

Positive Technologies
added 2026/01/14 12:0 a.m., 7 views

PT-2026-2811

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...

CVSS: 4.3, AI score: 5.5, EPSS: 0.00102
Exploits: 0, References: 3