8806 matches found

RedhatCVE
added 2026/01/07 9:13 a.m., 10 views

CVE-2024-2969

The WP-Eggdrop plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1. This is due to missing or incorrect nonce validation on the wpeggupdateOptions function. This makes it possible for unauthenticated attackers to update the plugin's settings...

CVSS 5.4, AI score 6.4, EPSS 0.00189
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:12 a.m., 11 views

CVE-2024-2110

The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 6.4, EPSS 0.00215
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:12 a.m., 32 views

CVE-2025-1306

The Newscrunch theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.4. This is due to missing or incorrect nonce validation on the newscrunchinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVSS 8.8, AI score 6.8, EPSS 0.00462
Exploits: 1, References: 1

RedhatCVE
added 2026/01/07 9:11 a.m., 21 views

CVE-2025-1305

The NewsBlogger theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2.5.4. This is due to missing or incorrect nonce validation on the newsbloggerinstallandactivateplugin function. This makes it possible for unauthenticated attackers to upload...

CVSS 8.8, AI score 7.7, EPSS 0.00331
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:9 a.m., 9 views

CVE-2024-2115

The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.0.0. This is due to missing or incorrect nonce validation on the filterusers functions. This makes it possible for unauthenticated attackers to elevate...

CVSS 8.8, AI score 6.4, EPSS 0.00273
Exploits: 0, References: 1

RedhatCVE
added 2026/01/07 9:8 a.m., 5 views

CVE-2024-2125

The EnvíaloSimple: Email Marketing y Newsletters plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the galleryadd function. This makes it possible for unauthenticated attackers to...

CVSS 8.8, AI score 7.3, EPSS 0.00414
Exploits: 0, References: 1

Vulnrichment
added 2026/01/07 8:21 a.m., 5 views

CVE-2025-13521 WP Status Notifier <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Status Notifier plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin...

CVSS 4.3, AI score 5, EPSS 0.00124
Exploits: 0, References: 3

CVE
added 2026/01/07 8:21 a.m., 12 views

CVE-2025-13521

WP Status Notifier is vulnerable to CSRF due to missing/incorrect nonce validation on the settings update function, enabling unauthenticated attackers to change plugin settings by deceptively prompting an admin (e.g., via forged link). The CVE entry lists a CVSS v3.1 base score of 4.3 (Medium) w...

CVSS 4.3, AI score 5, EPSS 0.00124
Exploits: 0, References: 3

CVE
added 2026/01/07 8:21 a.m., 12 views

CVE-2025-13520

CVE-2025-13520 concerns the MTCaptcha WordPress Plugin. Wordfence’s detailed entry and weekly report confirm a CSRF vulnerability in the plugin’s settings update, allowing unauthenticated attackers to forge requests that can modify plugin settings (including the private key) if a site admin is tr...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3

Vulnrichment
added 2026/01/07 8:21 a.m., 2 views

CVE-2025-13520 MTCaptcha WordPress Plugin <= 2.7.2 - Cross-Site Request Forgery to Settings Update

The MTCaptcha WordPress Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.7.2. This is due to missing or incorrect nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugi...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3

CVE
added 2026/01/07 8:21 a.m., 15 views

CVE-2025-13493

CVE-2025-13493 concerns the WordPress plugin “Latest Registered Users.” It allows unauthenticated attackers to export complete user details (except passwords and tokens) in CSV via the action parameter, due to missing authorization and nonce validation in rnd_handle_form_submit hooked to admin_po...

CVSS 7.5, AI score 5.5, EPSS 0.00283
Exploits: 0, References: 4

Cvelist
added 2026/01/07 8:21 a.m., 25 views

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both adminpostmysimpleform and...

CVSS 7.5, EPSS 0.00283
Exploits: 0, References: 4

CVE
added 2026/01/07 8:21 a.m., 13 views

CVE-2025-13527

The CVE-2025-13527 entry covers the WordPress xShare plugin, with CSRF in xshare_plugin_reset() affecting all versions up to 1.0.1 due to missing nonce validation. The Wordfence report confirms that unauthenticated attackers could trigger a settings-reset action by delivering a forged request to ...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3

Vulnrichment
added 2026/01/07 8:21 a.m., 4 views

CVE-2025-13493 Latest Registered Users <= 1.4 - Missing Authorization to Unauthenticated Sensitive Information Exposure via User Data Export

The Latest Registered Users plugin for WordPress is vulnerable to unauthorized user data export in all versions up to, and including, 1.4. This is due to missing authorization and nonce validation in the rnd_handle_form_submit function hooked to both adminpostmysimpleform and...

CVSS 7.5, AI score 5.5, EPSS 0.00283
Exploits: 0, References: 4

Cvelist
added 2026/01/07 8:21 a.m., 21 views

CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...

CVSS 4.3, EPSS 0.0014
Exploits: 0, References: 3

Vulnrichment
added 2026/01/07 8:21 a.m., 4 views

CVE-2025-13527 xShare <= 1.0.1 - Cross-Site Request Forgery to 'rs_plugin_reset' Parameter

The xShare plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing nonce validation on the 'xshare_plugin_reset' function. This makes it possible for unauthenticated attackers to reset the plugin's settings via a forged...

CVSS 4.3, AI score 4.9, EPSS 0.0014
Exploits: 0, References: 3

CVE
added 2026/01/07 8:21 a.m., 14 views

CVE-2025-14999

The CVE-2025-14999 vulnerability affects the Latest Tabs WordPress plugin (

CVSS 4.3, AI score 5, EPSS 0.00102
Exploits: 0, References: 2

Cvelist
added 2026/01/07 8:21 a.m., 25 views

CVE-2025-14999 Latest Tabs <= 1.5 - Cross-Site Request Forgery to Plugin's Settings Update

The Latest Tabs plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the settings update handler in admin-page.php. This makes it possible for unauthenticated attackers to modify plugin...

CVSS 4.3, EPSS 0.00102
Exploits: 0, References: 2

CVE
added 2026/01/07 8:21 a.m., 15 views

CVE-2025-13519

CVE-2025-13519 involves the SVG Map Plugin for WordPress. The vulnerability is a CSRF issue (CSRF to Settings Update) and Stored XSS in the SVG Map Plugin

CVSS 6.1, AI score 5.1, EPSS 0.00115
Exploits: 0, References: 3

Cvelist
added 2026/01/07 6:36 a.m., 25 views

CVE-2025-14845 NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS 4.3, EPSS 0.00132
Exploits: 0, References: 7