8803 matches found
CVE-2025-13749
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...
PT-2026-1731
Name of the Vulnerable Software and Affected Versions Booking Calendar versions prior to 10.14.11 Description The Booking Calendar plugin for WordPress is susceptible to sensitive information exposure via the WPBC FLEXTIMELINE NAV AJAX action. This occurs because nonce verification is conditional...
PT-2026-2248
Name of the Vulnerable Software and Affected Versions RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0 Description The Elliptic Curves library within RustCrypto, a general-purpose Elliptic Curve Cryptography ECC implementation, contains a flaw in its SM2 Public Key Encryption PKE...
PT-2026-1711
Name of the Vulnerable Software and Affected Versions Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1 Description The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery CSRF issue. This is caused by the absence of nonce validation...
CVE-2025-14999
The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...
CVE-2025-14904
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-14845
The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14465
The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...
CVE-2025-14468
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...
CVE-2025-14077
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...
CVE-2025-13493
The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...
CVE-2025-13519
The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...
CVE-2025-13520
The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...
CVE-2025-13521
The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...
CVE-2025-14077
CVE-2025-14077 – Simcast plugin for WordPress : The WordPress Simcast plugin has a Cross-Site Request Forgery vulnerability affecting all versions up to 1.0.0. The vulnerability arises from missing or incorrect nonce validation in the settingsPage function, enabling unauthenticated attackers to m...
CVE-2025-14077 Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...
CVE-2025-14077 Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update
The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...