
25 matches found

OSV
added 2026/05/13 4:16 p.m. | 6 views

UBUNTU-CVE-2026-43483

In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Set/clear CR8 write interception when AVIC is deactivated Explicitly set/clear CR8 write interception when AVIC is deactivated to fix a bug where KVM leaves the interception enabled after AVIC is activated. E.g. if KVM...

AI score: 5.7 | EPSS: 0.00032
Exploits: 0 | References: 3

Cvelist
added 2026/05/01 11:18 a.m. | 26 views

CVE-2026-3140 Ultimate Dashboard <= 3.8.14 - Cross-Site Request Forgery to Module Activation/Deactivation

The Ultimate Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.14. This is due to a flawed nonce validation conditional in the 'handlemoduleactions' function. This makes it possible for unauthenticated attackers to toggle plugin...

CVSS: 4.3 | EPSS: 0.00006
Exploits: 0 | References: 3

EUVD
added 2025/10/11 12:30 p.m. | 2 views

EUVD-2025-33842

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS: 2.4 | AI score: 5.2 | EPSS: 0.00016
Exploits: 0 | References: 5

NVD
added 2025/10/11 10:15 a.m. | 1 view

CVE-2025-8606

The GSheetConnector For Gravity Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than, or equal to, 1.3.23. This is due to missing or incorrect nonce validation on the activateplugin and deactivateplugin functions. This makes it possible for attackers to tri...

CVSS: 2.4 | EPSS: 0.00016
Exploits: 0 | References: 4

Positive Technologies
added 2025/10/11 12:00 a.m. | 1 view

PT-2025-41678

Name of the Vulnerable Software and Affected Versions: GSheetConnector For Gravity Forms plugin for WordPress versions prior to 1.3.24. Description: The software is susceptible to Cross-Site Request Forgery due to inadequate nonce validation in the activate plugin and deactivate plugin functions. Th...

CVSS: 2.4 | AI score: 6.4 | EPSS: 0.00016
Exploits: 0 | References: 8

EUVD
added 2025/10/04 6:30 a.m. | 1 view

EUVD-2025-32404

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This...

CVSS: 4.3 | AI score: 4.9 | EPSS: 0.00013
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/04 3:33 a.m. | 1 view

CVE-2025-9886 Trinity Audio <= 5.20.2 - Cross-Site Request Forgery

The Trinity Audio – Text to Speech AI audio player to convert content into audio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.20.2. This is due to missing or incorrect nonce validation in the '/admin/inc/post-management.php' file. This...

CVSS: 4.3 | AI score: 5 | EPSS: 0.00013
Exploits: 0 | References: 3

Patchstack
added 2025/03/25 12:08 p.m. | 1 view

WordPress Ultimate Dashboard plugin <= 3.8.7 - Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation vulnerability

Missing Authorization to Authenticated (Subscriber+) Plugin Modules Activation/Deactivation vulnerability discovered by mikemyers in WordPress Plugin Ultimate Dashboard versions <= 3.8.7...

CVSS: 4.3 | AI score: 7 | EPSS: 0.00127
Exploits: 0 | References: 1 | Affected Software: 1

CNNVD
added 2024/11/11 12:00 a.m. | 1 view

Ampache cross-site request forgery vulnerability

Ampache is an open source web-based audio/video application and file manager from Ampache. A cross-site request forgery vulnerability exists in Ampache version 7.0.1, which stems from the current implementation of token resolution failing to properly validate CSRF tokens when activating or...

CVSS: 8.1 | AI score: 6.5 | EPSS: 0.00181
Exploits: 1 | References: 1

SUSE CVE
added 2024/08/18 2:01 a.m. | 1 view

SUSE CVE-2024-43830

In the Linux kernel, the following vulnerability has been resolved: leds: trigger: Unregister sysfs attributes before calling deactivate Triggers which have trigger specific sysfs attributes typically store related data in trigger-data allocated by the activate callback and freed by the deactivat...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00013
Exploits: 0 | References: 14

NVD
added 2023/03/01 3:15 p.m. | 9 views

CVE-2022-46805

Cross-Site Request Forgery (CSRF) vulnerability in Lauri Karisola / WP Trio Conditional Shipping for WooCommerce plugin <= 2.3.1 leading to activation/deactivation of plugin rulesets...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00088
Exploits: 0 | References: 1

wpexploit
added 2022/07/08 12:00 a.m. | 216 views

Counter Box < 1.2.1 - Arbitrary Counter Activation/Deactivation via CSRF

The plugin is lacking CSRF check when activating and deactivating counters, which could allow attackers to make a logged in admin perform such actions via CSRF attacks https://example.com/wp-admin/admin.php?page=counter-box&id=1&action=activate...

CVSS: 8.8 | AI score: 4.4 | EPSS: 0.0016
Exploits: 2

Patchstack
added 2022/01/28 12:00 a.m. | 7 views

WordPress Zigcy Lite theme <= 2.0.9 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Lite theme versions <= 2.0.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.1
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/01/28 12:00 a.m. | 9 views

WordPress Zigcy Cosmetics theme <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Zigcy Cosmetics theme versions <= 1.0.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.4
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/01/28 12:00 a.m. | 10 views

WordPress Vmagazine News <= 1.0.5 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Vmagazine News versions <= 1.0.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.1
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/01/28 12:00 a.m. | 8 views

WordPress Arrival theme <= 1.4.2 - Authenticated Arbitrary Plugin Activation/Deactivation vulnerability

Authenticated Arbitrary Plugin Activation/Deactivation vulnerability discovered by Ex.Mi Patchstack in WordPress Arrival theme versions <= 1.4.2. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 2.9
Exploits: 0 | References: 3 | Affected Software: 1

Patchstack
added 2022/01/24 12:00 a.m. | 6 views

WordPress Catch Web Tools plugin <= 2.7 - Arbitrary Catch IDs Activation/Deactivation vulnerability

Arbitrary Catch IDs Activation/Deactivation vulnerability discovered by Jan w Oleju in WordPress Catch Web Tools plugin versions <= 2.7. Solution: Update the WordPress Catch Web Tools plugin to the latest available version (at least 2.7.1)...

AI score: 2.7
Exploits: 0 | References: 2 | Affected Software: 1

Patchstack
added 2022/01/24 12:00 a.m. | 9 views

WordPress WP Store theme <= 1.1.9 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress WP Store theme versions <= 1.1.9. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.2
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2022/01/24 12:00 a.m. | 3 views

WordPress AccessPress Parallax theme <= 4.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress AccessPress Parallax theme versions <= 4.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.9
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2022/01/24 12:00 a.m. | 11 views

WordPress VMagazine Lite theme <= 1.3.5 - Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation

Cross-Site Request Forgery (CSRF) leading to Arbitrary Plugin Activation/Deactivation discovered by Ex.Mi Patchstack in WordPress VMagazine Lite theme versions <= 1.3.5. Solution: Deactivate and delete. The vendor ignores the vulnerability reports, avoids any conversation...

AI score: 3.3
Exploits: 0 | References: 1 | Affected Software: 1