CVE-2026-8907

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

CVE-2026-27503 SVXportal <= 2.5 admin/log.php Search Reflected XSS

SVXportal version 2.5 and prior contain a reflected cross-site scripting vulnerability in admin/log.php via the search query parameter. When an authenticated administrator views a crafted URL, the application embeds the unsanitized parameter value directly into an HTML input value attribute,...

CVE-2025-12402 LinkedIn Resume <= 2.00 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The LinkedIn Resume plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.00. This is due to missing or incorrect nonce validation on the linkedinresumeprintAdminPage function. This makes it possible for unauthenticated attackers to update settin...

CVE-2020-36757

The WP Hotel Booking plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.10.1. This is due to missing or incorrect nonce validation on the adminaddorderitem function. This makes it possible for unauthenticated attackers to add an order item via a...