
8803 matches found

NVD
added 2026/01/09 6:16 a.m., 9 views

CVE-2025-13749

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 3
Cvelist
added 2026/01/09 5:25 a.m., 23 views

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 3
Vulnrichment
added 2026/01/09 5:25 a.m., 2 views

CVE-2025-13749 Clearfy <= 2.4.0 - Cross-Site Request Forgery to Update Notification Tampering

The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.4.0. This is due to missing nonce validation on the "wbcrupmchangeflag" function. This makes it possible for...

CVSS 4.3, AI score 4.9, EPSS 0.00124
Exploits: 0, References: 3
Positive Technologies
added 2026/01/09 12:0 a.m., 7 views

PT-2026-1731

Name of the Vulnerable Software and Affected Versions: Booking Calendar versions prior to 10.14.11. Description: The Booking Calendar plugin for WordPress is susceptible to sensitive information exposure via the WPBC FLEXTIMELINE NAV AJAX action. This occurs because nonce verification is conditional...

CVSS 5.3, AI score 6.2, EPSS 0.00337
Exploits: 0, References: 10
Positive Technologies
added 2026/01/09 12:0 a.m., 6 views

PT-2026-2248

Name of the Vulnerable Software and Affected Versions: RustCrypto versions 0.14.0-pre.0 through 0.14.0-rc.0. Description: The Elliptic Curves library within RustCrypto, a general-purpose Elliptic Curve Cryptography (ECC) implementation, contains a flaw in its SM2 Public Key Encryption (PKE)...

CVSS 8.7, AI score 6.5, EPSS 0.00245
Exploits: 1, References: 17
Positive Technologies
added 2026/01/09 12:0 a.m., 7 views

PT-2026-1711

Name of the Vulnerable Software and Affected Versions: Clearfy Cache – WordPress optimization plugin versions prior to 2.4.1. Description: The Clearfy Cache – WordPress optimization plugin is susceptible to a Cross-Site Request Forgery (CSRF) issue. This is caused by the absence of nonce validation...

CVSS 4.3, AI score 6.5, EPSS 0.00124
Exploits: 0, References: 6
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-14999

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...

CVSS 4.3, EPSS 0.00102
Exploits: 0, References: 2
NVD
added 2026/01/07 12:16 p.m., 5 views

CVE-2025-14904

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVSS 4.3, EPSS 0.00102
Exploits: 0, References: 2
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-14845

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS 4.3, EPSS 0.00132
Exploits: 0, References: 7
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS 6.5, EPSS 0.0035
Exploits: 0, References: 4
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-14465

The Sticky Action Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the sabsoptionspageformsubmit function. This makes it possible for unauthenticated attackers to update plug...

CVSS 4.3, EPSS 0.00112
Exploits: 0, References: 2
NVD
added 2026/01/07 12:16 p.m., 3 views

CVE-2025-14468

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS 4.3, EPSS 0.00132
Exploits: 0, References: 5
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-14077

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3, EPSS 0.0014
Exploits: 0, References: 3
NVD
added 2026/01/07 12:16 p.m., 3 views

CVE-2025-13493

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rndhandleformsubmit function hooked to both adminpostmysimpleform and...

CVSS 7.5, EPSS 0.00283
Exploits: 0, References: 4
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-13519

The SVG Map Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on multiple AJAX actions including 'savedata', 'deletedata', and 'addpopup'. This makes it possible for...

CVSS 6.1, EPSS 0.00115
Exploits: 0, References: 3
NVD
added 2026/01/07 12:16 p.m., 4 views

CVE-2025-13520

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...

CVSS 4.3, EPSS 0.0014
Exploits: 0, References: 3
NVD
added 2026/01/07 12:16 p.m., 5 views

CVE-2025-13521

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...

CVSS 4.3, EPSS 0.00124
Exploits: 0, References: 3
CVE
added 2026/01/07 9:21 a.m., 10 views

CVE-2025-14077

CVE-2025-14077 – Simcast plugin for WordPress: The WordPress Simcast plugin has a Cross-Site Request Forgery vulnerability affecting all versions up to 1.0.0. The vulnerability arises from missing or incorrect nonce validation in the settingsPage function, enabling unauthenticated attackers to m...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3
Vulnrichment
added 2026/01/07 9:21 a.m., 3 views

CVE-2025-14077 Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3
Cvelist
added 2026/01/07 9:21 a.m., 27 views

CVE-2025-14077 Simcast <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The Simcast plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the settingsPage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forged...

CVSS 4.3, EPSS 0.0014
Exploits: 0, References: 3