EUVD-2026-35304

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

PT-2026-47680

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the process init function hooked to admin init, which saves plugin settings zoom-level, focus-lat, focus-lng, sel places, sel rout...

CVE-2026-6405 Anomify AI <= 0.3.6 - Cross-Site Request Forgery

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF leading to Stored Cross-Site Scripting XSS in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

PT-2026-39972

The WP-Redirection plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.0.3. This is due to the absence of a nonce field in the admin settings form and the lack of any nonce verification via check admin referer or wp verify nonce in the...

CVE-2025-10588

CVE-2025-10588 affects PixelYourSite – Your smart PIXEL (TAG) & API Manager (WordPress) up to version 11.1.2. The issue is a Cross-Site Request Forgery (CSRF) vulnerability caused by missing or incorrect nonce validation in the adminEnableGdprAjax() function, enabling unauthenticated attackers to...