Lucene search

8766 matches found

ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmz_comment_settings_save function. This makes it possible for unauthenticated attackers to modify...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 5
Cvelist
added 2026/06/02 7:48 a.m., 37 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, EPSS 0.00132
Exploits: 0, References: 7
CVE
added 2026/06/02 7:48 a.m., 18 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 4
Vulnrichment
added 2026/06/02 7:48 a.m., 10 views

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 7
EUVD
added 2026/06/02 7:48 a.m., 16 views

EUVD-2026-33898

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 7
ATTACKERKB
added 2026/06/02 7:48 a.m., 11 views

CVE-2026-8422

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

CVSS 4.3, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 8
CVE
added 2026/06/02 7:48 a.m., 18 views

CVE-2026-8422

CVE-2026-8422 concerns the WordPress plugin Remove meta boxes per user role (versions up to and including 1.01). The vulnerability stems from missing or incorrect nonce validation on the remove-meta-boxes-per-user-role page, enabling CSRF. This could allow unauthenticated attackers to modify or r...

CVSS 4.3, AI score 5.7, EPSS 0.00132
Exploits: 0, References: 7
ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 5
Vulnrichment
added 2026/06/02 7:48 a.m., 9 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 4
CVE
added 2026/06/02 7:48 a.m., 17 views

CVE-2026-9599

The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 4
EUVD
added 2026/06/02 7:48 a.m., 10 views

EUVD-2026-33894

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin_init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 4
Cvelist
added 2026/06/02 7:48 a.m., 39 views

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS 4.3, EPSS 0.00128
Exploits: 0, References: 4
EUVD
added 2026/06/02 7:48 a.m., 10 views

EUVD-2026-33890

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 4
ATTACKERKB
added 2026/06/02 7:48 a.m., 8 views

CVE-2026-9723

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVSS 4.3, AI score 5.7, EPSS 0.00128
Exploits: 0, References: 5
EUVD
added 2026/06/02 7:48 a.m., 11 views

EUVD-2026-33888

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page function. The function processes the 'birdseed_token' GET parameter and saves it to the database via...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 5
Vulnrichment
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page function. The function processes the 'birdseed_token' GET parameter and saves it to the database via...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 5
ATTACKERKB
added 2026/06/02 7:48 a.m., 7 views

CVE-2026-4071

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page function. The function processes the 'birdseed_token' GET parameter and saves it to the database via...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 6
CVE
added 2026/06/02 7:48 a.m., 18 views

CVE-2026-4071

The BirdSeed WordPress plugin is affected by a Cross-Site Request Forgery in all versions up to and including 2.2.0. The root cause is missing nonce validation in the birdseed_plugin_settings_page() function, which processes the birdseed_token GET parameter and saves it via update_option() withou...

CVSS 4.3, AI score 5.7, EPSS 0.00131
Exploits: 0, References: 5
Cvelist
added 2026/06/02 7:48 a.m., 37 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed_plugin_settings_page function. The function processes the 'birdseed_token' GET parameter and saves it to the database via...

CVSS 4.3, EPSS 0.00131
Exploits: 0, References: 5
GithubExploit
added 2026/06/02 2:51 a.m., 84 views

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

CVSS 9.8, AI score 5.9, EPSS 0.09461
Exploits: 7