CVE-2026-0267 GlobalProtect App: Information Exposure Vulnerability on macOS

An information exposure vulnerability in the Palo Alto Networks GlobalProtect app on macOS enables a local user to learn the configured passcodes for disabling, disconnecting, or uninstalling the GlobalProtect app. After the passcode is known, the user can perform these actions even if the...

CVE-2026-1930

The Emailchef plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the pageoptionsajaxdisconnect function in all versions up to, and including, 3.5.1. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVE-2026-4002 Petje.af <= 2.1.8 - Cross-Site Request Forgery to Account Deletion via 'petjeaf_disconnect' AJAX Action

The Petje.af plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 2.1.8. This is due to missing nonce validation in the ajaxrevoketoken function which handles the 'petjeafdisconnect' AJAX action. The function performs destructive operations includin...

CVE-2026-1981

The Winston AI WordPress plugin (HUMN-1 AI Website Scanner & Human Certification)

PT-2026-23761

The HUMN-1 AI Website Scanner & Human Certification by Winston AI plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the winston disconnect function in all versions up to, and including, 0.0.3. This makes it possible for authenticated...

CVE-2025-13143

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

EUVD-2025-199791

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

CVE-2025-13143

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

CVE-2025-13143 Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.12.0 - Cross-Site Request Forgery to Account Disconnection

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

CVE-2025-13143

CVE-2025-13143 : The Poll, Survey & Quiz Maker Plugin by Opinion Stage (WordPress) is vulnerable to Cross-Site Request Forgery in all versions up to 19.12.0 due to missing nonce validation on disconnect_account_action. Unauthenticated attackers can disconnect the site from the Opinion Stage integ...

PT-2025-48237

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnect account action function. This makes it possible for...

PT-2024-38530 · Ays · Ai Chatbot With Chatgpt/Content Generator

Name of the Vulnerable Software and Affected Versions: AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin versions prior to 2.1.0 Description: The issue is related to insufficient access controls in the AI ChatBot with ChatGPT and Content Generator by AYS WordPress plugin,...