CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Cvelist•added 2026/05/27 5:31 a.m.•31 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJLcertification function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.0014EPSS

Vulnrichment•added 2026/05/27 5:31 a.m.•7 views

CVE-2026-8938 auto making JSON-LD <= 4.5.3 - Cross-Site Request Forgery to Plugin Certification Settings via Nonce Validation Bypass

CVE•added 2026/05/27 5:31 a.m.•17 views

CVE-2026-8938

The CVE-2026-8938 entry concerns the WordPress plugin “auto making JSON-LD” (versions

EUVD•added 2026/05/27 5:31 a.m.•7 views

EUVD-2026-32059

EUVD•added 2026/05/27 5:31 a.m.•10 views

EUVD-2026-32060

NVD•added 2026/05/27 5:16 a.m.•14 views

CVE-2026-9236

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmaccampaignsaction function. This makes it...

4.3CVSS0.00128EPSS

ATTACKERKB•added 2026/05/27 4:28 a.m.•8 views

CVE-2026-9236

4.3CVSS5.9AI score0.00128EPSS

Exploits0References6

Vulnrichment•added 2026/05/27 4:28 a.m.•10 views

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

4.3CVSS5.9AI score0.00128EPSS

Cvelist•added 2026/05/27 4:28 a.m.•31 views

CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management

4.3CVSS0.00128EPSS

CVE•added 2026/05/27 4:28 a.m.•21 views

CVE-2026-9236

CVE-2026-9236 concerns the WordPress plugin CM Ad Changer. The vulnerability is a Cross-Site Request Forgery flaw in all versions up to and including 2.0.7 caused by missing or incorrect nonce validation in the cmac_campaigns_action function. This enables unauthenticated attackers to permanently ...

4.3CVSS5.9AI score0.00128EPSS

6.1CVSS5.7AI score0.00119EPSS

WordPress plugin WP Promoter 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00139EPSS

WordPress plugin Two-factor authentication 跨站请求伪造漏洞

Exploits0References4

6.1CVSS5.7AI score0.00145EPSS

WordPress plugin WP AutoBuzz 跨站请求伪造漏洞

Exploits0References4

CNNVD•added 2026/05/27 12:0 a.m.•8 views

WordPress plugin Login with NEAR 授权问题漏洞

8.1CVSS5.8AI score0.0039EPSS

WordPress plugin Search Simple Fields 跨站请求伪造漏洞

CNNVD•added 2026/05/27 12:0 a.m.•10 views

WordPress plugin GoStats for WordPress 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin Genzel breadcrumbs 跨站请求伪造漏洞

4.3CVSS5.8AI score0.00128EPSS

Exploits0References4

CNNVD•added 2026/05/27 12:0 a.m.•7 views

WordPress plugin CDN Linker lite 跨站请求伪造漏洞