CVE-2025-14845
The CVE-2025-14845 entry concerns the NS IE Compatibility Fixer plugin for WordPress. Wordfence’s vulnerability details confirm a CSRF vulnerability in the plugin’s settings update function due to missing nonce validation, enabling unauthenticated attackers to craft requests that modify plugin se...
CVE-2025-14845 NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update
The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...
CVE-2025-13657
CVE-2025-13657 affects the WordPress plugin “HelpDesk Contact Form” (versions
CVE-2025-14901
CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...
CVE-2025-14904 Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update
The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14468
CVE-2025-14468: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery up to and including version 1.1.9 due to inverted nonce verification in the amp_theme_ajaxcomments AJAX handler, allowing unauthenticated attackers to submit comments on beh...
CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission
The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...
PT-2026-1588
Name of the Vulnerable Software and Affected Versions: The Latest Registered Users plugin for WordPress versions prior to 1.5
Description: The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...
PT-2026-1593
Name of the Vulnerable Software and Affected Versions: WP Status Notifier plugin for WordPress versions prior to 1.1
Description: The WP Status Notifier plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation when updating...
PT-2026-1597
Name of the Vulnerable Software and Affected Versions: The Latest Tabs plugin for WordPress versions up to and including 1.5
Description: The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or absent nonce validation within the...
PT-2026-1634
Name of the Vulnerable Software and Affected Versions: The Awesome Hotel Booking plugin for WordPress versions prior to 1.1
Description: The plugin has a flaw allowing unauthorized data modification. This is due to insufficient authorization checks in the room-single.php shortcode handler,...
PT-2026-1567
Name of the Vulnerable Software and Affected Versions: NS IE Compatibility Fixer plugin for WordPress versions through 2.1.5
Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on the settings update functionality. This allows attackers...
PT-2026-1591
Name of the Vulnerable Software and Affected Versions: SVG Map Plugin for WordPress versions prior to 1.0.1
Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...
PT-2026-1618
Name of the Vulnerable Software and Affected Versions: Simcast plugin for WordPress versions prior to 1.0.1
Description: The Simcast plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by inadequate nonce validation within the settingsPage function. An unauthenticated...
PT-2026-1573
Name of the Vulnerable Software and Affected Versions: Newsletter Email Subscribe plugin for WordPress versions up to and including 2.4
Description: The Newsletter Email Subscribe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of improper nonce validation within...
PT-2026-1592
Name of the Vulnerable Software and Affected Versions: MTCaptcha WordPress Plugin versions prior to 2.7.3
Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the settings update functionality. An unauthenticated attacker could...
PT-2026-1613
Name of the Vulnerable Software and Affected Versions: Mamurjor Employee Info plugin for WordPress versions up to and including 1.0.0
Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on several administrative functions. This allows...