8806 matches found

CVE
added 2026/01/07 6:36 a.m. | 13 views

CVE-2025-14845

The CVE-2025-14845 entry concerns the NS IE Compatibility Fixer plugin for WordPress. Wordfence’s vulnerability details confirm a CSRF vulnerability in the plugin’s settings update function due to missing nonce validation, enabling unauthenticated attackers to craft requests that modify plugin se...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00132
Exploits: 0 | References: 7
Vulnrichment
added 2026/01/07 6:36 a.m. | 4 views

CVE-2025-14845 NS IE Compatibility Fixer <= 2.1.5 - Cross-Site Request Forgery to Plugin Settings Update

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS: 4.3 | AI score: 5.2 | EPSS: 0.00132
Exploits: 0 | References: 7
CVE
added 2026/01/07 6:35 a.m. | 10 views

CVE-2025-13657

CVE-2025-13657 affects the WordPress plugin “HelpDesk Contact Form” (versions

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00128
Exploits: 0 | References: 4
CVE
added 2026/01/07 6:35 a.m. | 15 views

CVE-2025-14901

CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.0035
Exploits: 0 | References: 4
Vulnrichment
added 2026/01/07 6:35 a.m. | 2 views

CVE-2025-14904 Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVSS: 4.3 | AI score: 5.1 | EPSS: 0.00102
Exploits: 0 | References: 2
Vulnrichment
added 2026/01/07 6:35 a.m. | 5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS: 6.5 | AI score: 5.5 | EPSS: 0.0035
Exploits: 0 | References: 4
Cvelist
added 2026/01/07 6:35 a.m. | 26 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

CVSS: 6.5 | EPSS: 0.0035
Exploits: 0 | References: 4
Cvelist
added 2026/01/07 6:35 a.m. | 28 views

CVE-2025-14904 Newsletter Email Subscribe <= 2.4 - Cross-Site Request Forgery to Plugin Settings Update

The Newsletter Email Subscribe plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4. This is due to incorrect nonce validation on the nelssettingspage function. This makes it possible for unauthenticated attackers to update plugin settings via a...

CVSS: 4.3 | EPSS: 0.00102
Exploits: 0 | References: 2
CVE
added 2026/01/07 4:32 a.m. | 11 views

CVE-2025-14468

CVE-2025-14468: The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery up to and including version 1.1.9 due to inverted nonce verification in the amp_theme_ajaxcomments AJAX handler, allowing unauthenticated attackers to submit comments on beh...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00132
Exploits: 0 | References: 5
Vulnrichment
added 2026/01/07 4:32 a.m. | 3 views

CVE-2025-14468 AMP for WP – Accelerated Mobile Pages <= 1.1.9 - Cross-Site Request Forgery to Comment Submission

The AMP for WP – Accelerated Mobile Pages plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.9. This is due to inverted nonce verification logic in the ampthemeajaxcomments AJAX handler, which rejects requests with VALID nonces and accepts...

CVSS: 4.3 | AI score: 5.3 | EPSS: 0.00132
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 8 views

PT-2026-1588

Name of the Vulnerable Software and Affected Versions: The Latest Registered Users plugin for WordPress versions prior to 1.5. Description: The Latest Registered Users plugin for WordPress is susceptible to unauthorized user data export. This is a result of a lack of authorization and nonce validati...

CVSS: 7.5 | AI score: 6.4 | EPSS: 0.00283
Exploits: 0 | References: 10
Positive Technologies
added 2026/01/07 12:0 a.m. | 8 views

PT-2026-1593

Name of the Vulnerable Software and Affected Versions: WP Status Notifier plugin for WordPress versions prior to 1.1. Description: The WP Status Notifier plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is caused by insufficient or incorrect nonce validation when updating...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00124
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 7 views

PT-2026-1597

Name of the Vulnerable Software and Affected Versions: The Latest Tabs plugin for WordPress versions up to and including 1.5. Description: The Latest Tabs plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF). This is a result of inadequate or absent nonce validation within the...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.00102
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1634

Name of the Vulnerable Software and Affected Versions: The Awesome Hotel Booking plugin for WordPress versions prior to 1.1. Description: The plugin has a flaw allowing unauthorized data modification. This is due to insufficient authorization checks in the room-single.php shortcode handler,...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00236
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-1567

Name of the Vulnerable Software and Affected Versions: NS IE Compatibility Fixer plugin for WordPress versions through 2.1.5. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on the settings update functionality. This allows attackers...

CVSS: 4.3 | AI score: 6.5 | EPSS: 0.00132
Exploits: 0 | References: 9
Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-1591

Name of the Vulnerable Software and Affected Versions: SVG Map Plugin for WordPress versions prior to 1.0.1. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on multiple AJAX actions. Specifically, the AJAX actions ‘save data’,...

CVSS: 6.1 | AI score: 6.4 | EPSS: 0.00115
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1618

Name of the Vulnerable Software and Affected Versions: Simcast plugin for WordPress versions prior to 1.0.1. Description: The Simcast plugin for WordPress is susceptible to Cross-Site Request Forgery. This is caused by inadequate nonce validation within the settingsPage function. An unauthenticated...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.0014
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 7 views

PT-2026-1573

Name of the Vulnerable Software and Affected Versions: Newsletter Email Subscribe plugin for WordPress versions up to and including 2.4. Description: The Newsletter Email Subscribe plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of improper nonce validation within...

CVSS: 4.3 | AI score: 6 | EPSS: 0.00102
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/07 12:0 a.m. | 6 views

PT-2026-1592

Name of the Vulnerable Software and Affected Versions: MTCaptcha WordPress Plugin versions prior to 2.7.3. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the settings update functionality. An unauthenticated attacker could...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.0014
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/07 12:0 a.m. | 5 views

PT-2026-1613

Name of the Vulnerable Software and Affected Versions: Mamurjor Employee Info plugin for WordPress versions up to and including 1.0.0. Description: The software is susceptible to Cross-Site Request Forgery (CSRF) due to the absence of nonce validation on several administrative functions. This allows...

CVSS: 4.3 | AI score: 6.3 | EPSS: 0.00149
Exploits: 0 | References: 9