16 matches found

CVE
added 2026/05/27 7:45 a.m. | 12 views

CVE-2026-8906

The CVE-2026-8906 entry affects the WordPress WP Promoter plugin (versions up to 1.3). The root cause is missing or incorrect nonce validation enabling Cross-Site Request Forgery, allowing unauthenticated attackers to update settings and inject malicious scripts via forged requests (notably relat...

CVSS 6.1 | AI score 5.7 | EPSS 0.00014
Exploits: 0 | References: 5

EUVD
added 2026/01/28 11:23 a.m. | 6 views

EUVD-2026-4922

The imwptip plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged...

CVSS 4.3 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 3

NVD
added 2026/01/24 9:15 a.m. | 9 views

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

CVSS 4.3 | EPSS 0.0001
Exploits: 1 | References: 4

RedhatCVE
added 2026/01/09 9:16 a.m. | 4 views

CVE-2025-14845

The NS IE Compatibility Fixer plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) in all versions up to, and including, 2.1.5. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin'...

CVSS 4.3 | AI score 5.5 | EPSS 0.00014
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/13 3:59 a.m. | 3 views

CVE-2025-14160

The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's Calendl...

CVSS 4.3 | AI score 5.4 | EPSS 0.00015
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/23 7:25 a.m. | 5 views

CVE-2024-0374

The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the 'createview' function. This makes it possible for...

CVSS 4.3 | AI score 6.4 | EPSS 0.00117
Exploits: 0 | References: 1

OSV
added 2025/02/18 5:15 a.m. | 2 views

CVE-2024-13684

The Reset plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6. This is due to missing or incorrect nonce validation on the resetdbpage function. This makes it possible for unauthenticated attackers to reset several tables in the database like...

CVSS 8.1 | AI score 7.2
Exploits: 0 | References: 2

Cvelist
added 2024/05/02 4:51 p.m. | 20 views

CVE-2024-0847 5280 Bootstrap Modal Contact Form <= 1.0 - Cross-Site Request Forgery to Bulk Delete Messages

The 5280 Bootstrap Modal Contact Form plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in class-sbmm-list-table.php. This makes it possible for unauthenticated attackers to bulk delete...

CVSS 4.3 | AI score 5 | EPSS 0.00112
Exploits: 0 | References: 2

WPVulnDB
added 2024/03/08 12:0 a.m. | 13 views

LiveChat Elementor < 1.0.14 - Cross-Site Request Forgery

Description: The WordPress Live Chat Plugin for Elementor – LiveChat plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.13. This is due to missing or incorrect nonce validation via several functions in the...

AI score 6.6
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/02/27 11:15 a.m. | 15 views

CVE-2024-1906

The Categorify plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7.4. This is due to missing or incorrect nonce validation on the categorifyAjaxAddCategory function. This makes it possible for unauthenticated attackers to add categories via...

CVSS 4.3 | AI score 4.2 | EPSS 0.00097
Exploits: 0 | References: 2

CNNVD
added 2023/09/15 12:0 a.m. | 3 views

Red Hat Quay Security Vulnerability

Red Hat Quay is a distributed container image repository from Red Hat, Inc. that is used to build, distribute and deploy containers. Red Hat Quay has a security vulnerability: its config-editor pages are vulnerable to clickjacking attacks. An attacker can exploit this...

CVSS 6.5 | AI score 6.7 | EPSS 0.00225
Exploits: 0 | References: 3

NVD
added 2023/08/31 6:15 a.m. | 10 views

CVE-2023-3764

The WooCommerce PDF Invoice Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.2.90. This is due to missing or incorrect nonce validation on the Save function. This makes it possible for unauthenticated attackers to make changes to invoice...

CVSS 4.3 | AI score 4.2 | EPSS 0.00124
Exploits: 0 | References: 3

Prion
added 2023/06/09 6:16 a.m. | 12 views

Cross site request forgery (csrf)

The Active Directory Integration plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to time-based SQL Injection via the orderby and order parameters in versions up to, and including, 4.1.4 due to missing nonce verification on the getusers function and insufficient escaping o...

CVSS 4.3 | AI score 6.6 | EPSS 0.00198
Exploits: 0 | References: 3 | Affected Software: 1

Prion
added 2023/04/06 8:15 p.m. | 19 views

Cross site request forgery (csrf)

The WP Fastest Cache plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the wpfcremovecdnintegrationajaxrequestcallback function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 4.2 | EPSS 0.00118
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2021/12/14 9:15 p.m. | 8 views

CVE-2021-44942

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /publichtml/admin/plugins/badbehavior2/blacklist.php. By using the CSRF vulnerability to trick the administrator into clicking, an attacker can add a blacklist...

CVSS 4.3 | EPSS 0.00098
Exploits: 1 | References: 1

htbridge
added 2011/04/14 12:0 a.m. | 20 views

Multiple Vulnerabilities in phpGraphy

High-Tech Bridge SA Security Research Lab has discovered vulnerabilities in phpGraphy which could be exploited to perform cross-site scripting and cross-site request forgery attacks. 1) Cross-site scripting (XSS) vulnerability in phpGraphy: The vulnerability exists due to an input sanitation error in th...

CVSS 4.3 | AI score 6.4
Exploits: 0 | Affected Software: 1