Lucene search
K

379 matches found

Nuclei
Nuclei
added yesterday16 views

PublishPress Capabilities < 2.3.1 - Missing Authorization

The PublishPress Capabilities plugin for WordPress before 2.3.1 does not have proper authorization and CSRF checks when updating settings via the init hook, allowing unauthenticated attackers to update arbitrary blog options, such as setting the default role to administrator. id: CVE-2021-25032...

9.8CVSS7.1AI score0.06745EPSS
Exploits2References4
ATTACKERKB
ATTACKERKB
added yesterday5 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS6.1AI score0.00109EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/22 5:39 p.m.5 views

CVE-2026-53663

React Router is a router for React. From 7.12.0 until 7.15.1, certain CSRF checks in React Router v7 Framework Mode were insufficient and run on POST requests, but were bypassed on PUT/PATCH/DELETE requests. This is a low severity vulnerability because modern browser protections CORS preflight,...

3.1CVSS5.9AI score0.00106EPSS
Exploits0References2Affected Software2
NVD
NVD
added 2026/06/22 6:16 a.m.12 views

CVE-2026-7859

The Motors WordPress plugin before 1.4.110 does not have proper authorisation and CSRF checks on one of its AJAX actions, allowing unauthenticated attackers to modify arbitrary post metadata, such as the gallery, featured image and, on WooCommerce sites, product prices...

5.3CVSS0.00117EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49578

Name of the Vulnerable Software and Affected Versions React Router version 7 Description Insufficient Cross-Site Request Forgery CSRF checks in Framework Mode allow bypasses when using 'PUT', 'PATCH', or 'DELETE' requests, as the checks were primarily applied to 'POST' requests. CSRF is a type of...

3.1CVSS5.8AI score0.00106EPSS
Exploits0References6
NVD
NVD
added 2026/05/29 2:16 p.m.21 views

CVE-2026-45610

WWBN AVideo is an open source video platform. In 29.0 and earlier, there is a cross-site request forgery vulnerability on the 2FA toggle. plugin/LoginControl/set.json.php accepts POST type=set2FA value=false, calls LoginControl::setUser2FAUser::getId, false on the session-authenticated user, and...

6.5CVSS0.0011EPSS
Exploits0References1
NVD
NVD
added 2026/03/06 6:15 a.m.9 views

CVE-2026-2446

The PowerPack for LearnDash WordPress plugin before 1.3.0 does not have authorization and CRSF checks in an AJAX action, allowing unauthenticated users to update arbitrary WordPress options such as defaultrole etc and create arbitrary admin users...

9.8CVSS0.00303EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.10 views

CVE-2023-4251

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks...

4.3CVSS6.7AI score0.00231EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:46 a.m.10 views

CVE-2022-0634

The ThirstyAffiliates WordPress plugin before 3.10.5 lacks authorization checks in the tainsertexternalimage action, allowing a low-privilege user with a role as low as Subscriber to add an image from an external URL to an affiliate link. Further the plugin lacks csrf checks, allowing an attacker...

4.3CVSS6.6AI score0.00341EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.4 views

CVE-2022-0398

The ThirstyAffiliates Affiliate Link Manager WordPress plugin before 3.10.5 does not have authorisation and CSRF checks when creating affiliate links, which could allow any authenticated user, such as subscriber to create arbitrary affiliate links, which could then be used to redirect users to an...

5.4CVSS6.7AI score0.00309EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.25 views

CVE-2022-0363

The myCred WordPress plugin before 2.4.3.1 does not have any authorisation and CSRF checks in the mycred-tools-import-export AJAX action, allowing any authenticated users, such as subscribers, to call it and import mycred setup, thus creating badges, managing points or creating arbitrary posts...

4.3CVSS6.8AI score0.00339EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/01/09 10:44 a.m.10 views

CVE-2022-0444

The Backup, Restore and Migrate WordPress Sites With the XCloner Plugin WordPress plugin before 4.3.6 does not have authorisation and CSRF checks when resetting its settings, allowing unauthenticated attackers to reset them, including generating a new backup encryption key...

4.3CVSS6.9AI score0.00283EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:20 a.m.5 views

CVE-2024-2739

The Advanced Search WordPress plugin through 1.1.6 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...

8.7CVSS6.8AI score0.00335EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/07 9:19 a.m.7 views

CVE-2024-2232

The lacks CSRF checks allowing a user to invite any user to any group including private groups...

8.1CVSS6.9AI score0.00277EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.9 views

EUVD-2021-11615

Malware in sbrugna...

5.7CVSS5.7AI score0.00386EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-2062

Malware in sbrugna...

8.8CVSS8.7AI score0.00403EPSS
Exploits0References5
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11734

Malware in sbrugna...

5.4CVSS5.4AI score0.00307EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2021-11880

Malware in sbrugna...

5.7CVSS5.6AI score0.00426EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.21 views

EUVD-2021-12007

Malware in sbrugna...

7.1CVSS6.8AI score0.00537EPSS
Exploits2References3
EUVD
EUVD
added 2025/10/07 12:30 a.m.5 views

EUVD-2021-11862

Malware in sbrugna...

5.4CVSS5.5AI score0.00516EPSS
Exploits2References2
Rows per page
Query Builder