16 matches found
CVE-2026-9236
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it...
CVE-2026-9236
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it...
CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it...
CVE-2026-9236
CVE-2026-9236 concerns the WordPress plugin CM Ad Changer. The vulnerability is a Cross-Site Request Forgery flaw in all versions up to and including 2.0.7 caused by missing or incorrect nonce validation in the cmac_campaigns_action function. This enables unauthenticated attackers to permanently ...
CVE-2026-9236 CM Ad Changer <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion via Campaign Management
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it...
PT-2026-43495
The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac_campaigns_action function. This makes it...
WordPress CM Ad Changer – A simple tool to control and optimize your site's banners plugin <= 2.0.7 - Cross-Site Request Forgery to Campaign Deletion vulnerability
Cross-Site Request Forgery to Campaign Deletion vulnerability discovered by jamaal in WordPress Plugin CM Ad Changer versions <= 2.0.7...
EUVD-2013-5786
Malware in sbrugna...
WordPress ENL Newsletter plugin <= 1.0.1 - Campaign Deletion via CSRF vulnerability
Campaign Deletion via CSRF vulnerability discovered by Bob Matyas in WordPress Plugin ENL Newsletter versions <= 1.0.1...
CVE-2024-3059 ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
The ENL Newsletter WordPress plugin through 1.0.1 does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack...
PT-2024-23507 · WordPress · Enl Newsletter
Name of the Vulnerable Software and Affected Versions: ENL Newsletter WordPress plugin versions 1.0.1 and earlier Description: The issue concerns a lack of CSRF checks in certain areas, potentially allowing attackers to manipulate logged-in administrators into deleting arbitrary campaigns through...
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack. PoC: Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=...
ENL Newsletter <= 1.0.1 - Campaign Deletion via CSRF
Description: The plugin does not have CSRF checks in some places, which could allow attackers to make logged in admins delete arbitrary Campaigns via a CSRF attack. Make an admin open a URL like where is a valid ID: http://example.com/wp-admin/admin.php?page=enl-campaigns&action=campaign-delete&id=...
HackerOne: Insecure Direct Object Reference (IDOR) - Delete Campaigns
An insecure direct object reference (IDOR) vulnerability was discovered on a website, which allowed an attacker to delete any campaign based on the campaign ID. By modifying the campaign ID parameter in the request, an attacker could delete campaigns on any program. This vulnerability could have...
Cross-Site Request Forgery (CSRF) in tsolucio/corebos
✍️ Description Attacker able to delete any Campaign with CSRF attack because there is any CSRF protection for related endpoint. It does not matter at all that your application run in localhost or elsewhere, just it is enough to run on a browser and another low privilege user or attackers know the...
Cross site request forgery (csrf)
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.11 and earlier allow remote attackers to hijack the authentication of administrators for requests that delete (1) users via admin/agency-user-unlink.php, (2) advertisers via admin/advertiser-delete.php, (3) banners via...