
8792 matches found

CVE
added 2026/01/14 5:28 a.m. (16 views)

CVE-2025-15377

The CVE-2025-15377 entry describes a Cross-Site Request Forgery in the WordPress plugin Sosh Share Buttons (versions up to and including 1.1.0). The root cause is missing nonce validation in the admin_page_content function, enabling unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 2

Cvelist
added 2026/01/14 5:28 a.m. (25 views)

CVE-2025-15377 Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS 4.3, EPSS 0.0014
Exploits: 0, References: 2

Vulnrichment
added 2026/01/14 5:28 a.m. (4 views)

CVE-2025-15377 Sosh Share Buttons <= 1.1.0 - Cross-Site Request Forgery

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'adminpagecontent' function. This makes it possible for unauthenticated attackers to update the plugin's settings via...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 2

Cvelist
added 2026/01/14 5:28 a.m. (30 views)

CVE-2025-14615 DASHBOARD BUILDER <= 1.5.7 - Cross-Site Request Forgery to SQL Injection

The DASHBOARD BUILDER – WordPress plugin for Charts and Graphs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5.7. This is due to missing nonce validation on the settings handler in dashboardbuilder-admin.php. This makes it possible for...

CVSS 7.1, EPSS 0.00132
Exploits: 0, References: 5

Positive Technologies
added 2026/01/14 12:0 a.m. (7 views)

PT-2026-2811

The WPBlogSyn plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's remote sync settings via a forged request granted...

CVSS 4.3, AI score 5.5, EPSS 0.00102
Exploits: 0, References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. (5 views)

PT-2026-2837

The Stopwords for comments plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the 'set stopwords for comments' and 'delete stopwords for comments' functions. This makes it possible for...

CVSS 4.3, AI score 5.3, EPSS 0.00102
Exploits: 0, References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. (8 views)

PT-2026-2836

The SocialChamp with WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.3. This is due to missing nonce validation on the wpsc settings tab menu function. This makes it possible for unauthenticated attackers to modify plugin settin...

CVSS 4.3, AI score 5.2, EPSS 0.00124
Exploits: 0, References: 3

Positive Technologies
added 2026/01/14 12:0 a.m. (7 views)

PT-2026-2816

Name of the Vulnerable Software and Affected Versions: DASHBOARD BUILDER – WordPress plugin for Charts and Graphs versions prior to 1.5.8. Description: The software is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by a lack of nonce validation within the settings handler in...

CVSS 7.1, AI score 7.3, EPSS 0.00132
Exploits: 0, References: 10

Positive Technologies
added 2026/01/14 12:0 a.m. (4 views)

PT-2026-2824

The Sosh Share Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'admin page content' function. This makes it possible for unauthenticated attackers to update the plugin's settings v...

CVSS 4.3, AI score 5.3, EPSS 0.0014
Exploits: 0, References: 3

RedhatCVE
added 2026/01/13 10:53 p.m. (5 views)

CVE-2025-14146

The Booking Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 10.14.10 via the WPBCFLEXTIMELINENAV AJAX action. This is due to the nonce verification being conditionally disabled by default bookingisnonceatfrontend option is 'Off' ...

CVSS 5.3, AI score 6.2, EPSS 0.00337
Exploits: 0, References: 1

RedhatCVE
added 2026/01/13 10:53 p.m. (6 views)

CVE-2025-14976

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

CVSS 5.4, AI score 5.5, EPSS 0.00123
Exploits: 0, References: 1

RedhatCVE
added 2026/01/13 10:52 p.m. (5 views)

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7, AI score 6.8, EPSS 0.00245
Exploits: 1, References: 1

NVD
added 2026/01/10 9:15 a.m. (8 views)

CVE-2025-14976

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

CVSS 5.4, EPSS 0.00123
Exploits: 0, References: 3

EUVD
added 2026/01/10 8:22 a.m. (6 views)

EUVD-2026-1857

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

CVSS 5.4, AI score 5, EPSS 0.00123
Exploits: 0, References: 4

Cvelist
added 2026/01/10 8:22 a.m. (25 views)

CVE-2025-14976 User Registration & Membership <= 4.4.8 - Cross-Site Request Forgery to Arbitrary Post Deletion

The User Registration & Membership – Custom Registration Form Builder, Custom Login Form, User Profile, Content Restriction & Membership Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.4.8. This is due to missing or incorrect nonce...

CVSS 5.4, EPSS 0.00123
Exploits: 0, References: 3

NVD
added 2026/01/10 6:15 a.m. (8 views)

CVE-2026-22698

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7, EPSS 0.00245
Exploits: 1, References: 6

RedhatCVE
added 2026/01/10 5:41 a.m. (5 views)

CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3, AI score 5.3, EPSS 0.00124
Exploits: 0, References: 1

Vulnrichment
added 2026/01/10 5:17 a.m. (2 views)

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7, AI score 6.5, EPSS 0.00245
Exploits: 1, References: 6

Cvelist
added 2026/01/10 5:17 a.m. (24 views)

CVE-2026-22698 RustCrypto SM2-PKE has 32-bit Biased Nonce Vulnerability

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7, EPSS 0.00245
Exploits: 1, References: 6

EUVD
added 2026/01/10 5:17 a.m. (6 views)

EUVD-2026-1876

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and traits for representing various elliptic curve forms, scalars, points, and public/secret keys composed thereof. In versions 0.14.0-pre.0 and 0.14.0-rc.0, a critical vulnerability exists in...

CVSS 8.7, AI score 6.3, EPSS 0.00245
Exploits: 1, References: 6