21974 matches found
CVE-2026-57761
Unauthenticated Cross Site Request Forgery CSRF in SEOWP = 3.12.2 versions...
CVE-2026-57766
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57759
Unauthenticated Cross Site Request Forgery CSRF in ProfileGrid = 5.9.9.7 versions...
CVE-2026-57758
Unauthenticated Cross Site Request Forgery CSRF in Permalink Manager for WooCommerce = 1.0.8.2 versions...
CVE-2026-57747
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
CVE-2026-57751
Unauthenticated Cross Site Request Forgery CSRF in Heateor Social Login = 1.1.39 versions...
CVE-2026-57690
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
CVE-2026-57766
This CVE covers an Unauthenticated Cross Site Request Forgery (CSRF) in the WordPress WPIDE – File Manager & Code Editor plugin, affecting versions
EUVD-2026-41321
Unauthenticated Cross Site Request Forgery CSRF in WPIDE – File Manager & Code Editor = 3.5.6 versions...
CVE-2026-57757
CVE-2026-57757 concerns the WordPress plugin pCloud WP Backup (versions
CVE-2026-57757 WordPress pCloud WP Backup plugin <= 2.0.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in pCloud WP Backup = 2.0.2 versions...
CVE-2026-57751
The CVE-2026-57751 entry concerns the WordPress plugin Heateor Social Login (versions
CVE-2026-57747
CVE-2026-57747 is an unauthenticated CSRF vulnerability in the WordPress Booked plugin
CVE-2026-57747 WordPress Booked plugin <= 3.0.0 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
EUVD-2026-41303
Unauthenticated Cross Site Request Forgery CSRF in Booked = 3.0.0 versions...
CVE-2026-57690
The CVE-2026-57690 entry documents an unauthenticated Cross Site Request Forgery (CSRF) in the WordPress Werkstatt theme versions ≤ 4.7.2. The vulnerability affects the Werkstatt theme (WordPress plugin/theme) and is described as CSRF without details on exploit vectors beyond unauthenticated acce...
CVE-2026-57690 WordPress Werkstatt theme <= 4.7.2 - Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery CSRF in Werkstatt = 4.7.2 versions...
Email Subscribers & Newsletters <= 5.3.1 - Authenticated SQL Injection
The Email Subscribers & Newsletters WordPress plugin before 5.3.2 does not correctly escape the order and orderby parameters to the ajaxfetchreportlist action, making it vulnerable to blind SQL injection attacks by users with roles as low as Subscriber. Further, it does not have any CSRF protecti...
Ozette Plugins - Cross-Site Request Forgery
An attacker can update, create, and remove the site's mobile redirects via a forged request granted they can trick a site administrator into performing an action such as clicking on a link. id: CVE-2023-23897 info: name: Ozette Plugins - Cross-Site Request Forgery author: popcorn94 severity: medi...
WordPress WPIDE – File Manager & Code Editor plugin <= 3.5.6 - Cross Site Request Forgery (CSRF) vulnerability
Cross Site Request Forgery CSRF vulnerability discovered by dodoh4t in WordPress Plugin WPIDE – File Manager & Code Editor versions = 3.5.6...