Lucene search
K

17 matches found

EUVD
EUVD
added 2026/06/11 12:32 a.m.10 views

EUVD-2026-36140

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References3
NVD
NVD
added 2026/06/10 10:17 p.m.12 views

CVE-2026-53739

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/10 8:39 p.m.32 views

CVE-2026-53739 Yoast Duplicate Post through 4.6 Cross-Site Request Forgery via duplicate_post_dismiss_notice

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicatepostdismissnotice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicatepostshownotice site option, suppressing...

5.1CVSS0.00104EPSS
Exploits0References2
CVE
CVE
added 2026/06/10 8:39 p.m.31 views

CVE-2026-53739

CVE-2026-53739 affects the WordPress plugin Yoast Duplicate Post up to version 4.6. The issue is a cross-site request forgery in the duplicate_post_dismiss_notice handler that does not verify a nonce or capability. This allows an attacker to trick an authenticated user into issuing a request that...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/10 12:0 a.m.11 views

PT-2026-48553

Yoast Duplicate Post through 4.6 contains a cross-site request forgery vulnerability in the duplicate post dismiss notice handler, which verifies no nonce or capability. Attackers can trick any authenticated user into sending a request that sets the duplicate post show notice site option,...

5.1CVSS5.2AI score0.00104EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 2:56 a.m.6 views

CVE-2023-0831

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismissnotice function called via the adminactionucpdismissnotice action. This makes it possible for...

4.3CVSS4.4AI score0.0025EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/05/07 12:0 a.m.104 views

📄 WordPress ConvertPlus 3.5.30 Denial of Service

The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the cpdismissnotice AJAX endpoint in all versions up to, and including, 3.5.30. CVE-2024-13800 Popup Plugin For WordPress - ConvertPlus...

8.1CVSS9.2AI score0.00434EPSS
Exploits1
OSV
OSV
added 2025/02/12 5:15 a.m.2 views

CVE-2024-13800

The ConvertPlus plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to a missing capability check on the 'cpdismissnotice' AJAX endpoint in all versions up to, and including, 3.5.30. This makes it possible for authenticated attackers,...

8.1CVSS7.1AI score0.00434EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/05/03 12:0 a.m.4 views

PT-2024-24538 · WordPress · Convertplug

Name of the Vulnerable Software and Affected Versions: ConvertPlug plugin for WordPress versions up to, and including, 3.5.25 Description: The issue is related to a missing capability check on the cp dismiss notice function, allowing authenticated attackers with subscriber-level access and above ...

5.4CVSS6.8AI score0.00368EPSS
Exploits0References6
OSV
OSV
added 2023/06/09 6:15 a.m.4 views

CVE-2023-0831

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismissnotice function called via the adminactionucpdismissnotice action. This makes it possible for...

4.3CVSS6.3AI score0.0025EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2023/06/09 6:15 a.m.3 views

CVE-2023-0831

The Under Construction plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.96. This is due to missing or incorrect nonce validation on the dismissnotice function called via the adminactionucpdismissnotice action. This makes it possible for...

4.3CVSS5.8AI score0.0025EPSS
Exploits0References3
OSV
OSV
added 2022/04/11 3:15 p.m.2 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.4AI score0.02254EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/11 3:15 p.m.5 views

CVE-2022-0271

The LearnPress WordPress plugin before 4.1.6 does not sanitise and escape the lp-dismiss-notice before outputting it back via the lpbackgroundsingleemail AJAX action, leading to a Reflected Cross-Site Scripting...

6.1CVSS6.3AI score0.02254EPSS
Exploits2References3
OSV
OSV
added 2022/04/04 4:15 p.m.4 views

CVE-2022-0404

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set...

6.5CVSS6.7AI score0.01036EPSS
Exploits2References1
ATTACKERKB
ATTACKERKB
added 2022/04/04 4:15 p.m.7 views

CVE-2022-0404

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7mddismissnotice action, allowing any logged in user with roles as low as Subscriber to set...

6.5CVSS6.6AI score0.01036EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added 2022/04/04 12:0 a.m.5 views

PT-2022-13158 · WordPress · Contact Form 7 Material Design

Name of the Vulnerable Software and Affected Versions: Material Design for Contact Form 7 WordPress plugin versions 2.6.4 and earlier Description: The issue allows any logged-in user, even those with low roles such as Subscriber, to set arbitrary options to true due to a lack of authorization...

6.5CVSS6.4AI score0.01036EPSS
Exploits2References7
OSV
OSV
added 2019/08/29 1:15 p.m.5 views

CVE-2019-15779

The insta-gallery plugin before 2.4.8 for WordPress has no nonce validation for qliggdismissnotice or qliggformitemdelete...

8.8CVSS7.3AI score0.00691EPSS
Exploits0References2
Rows per page
Query Builder