10 matches found
CVE-2026-4070
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
CVE-2026-4070 Alfie <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion via 'delete' Parameter
The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...
WordPress Alfie – Feed Plugin plugin <= 1.2.1 - Cross-Site Request Forgery to Feed Deletion vulnerability
Cross-Site Request Forgery to Feed Deletion vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Alfie versions = 1.2.1...
CVE-2025-7828
The WP Filter & Combine RSS Feeds plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the postlistingpage function in all versions up to, and including, 0.4. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
CVE-2025-7842 Silencesoft RSS Reader <= 0.6 - Cross-Site Request Forgery to RSS Feed Deletion
The Silencesoft RSS Reader plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.6. This is due to missing or incorrect nonce validation on the 'silrsseditpage' page. This makes it possible for unauthenticated attackers to delete RSS feeds via a...
Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion
The plugin does not have authorisation and CSRF check in place when deleting feeds, allowing ay authenticated users, such as subscriber to delete arbitrary feeds PoC As any authenticated user, such as subscriber. Or via CSRF against them...
Social Slider Feed < 2.0.5 - Subscriber+ Arbitrary Feed Deletion
The plugin does not have authorisation and CSRF check in place when deleting feeds, allowing ay authenticated users, such as subscriber to delete arbitrary feeds As any authenticated user, such as subscriber. Or via CSRF against them...
CVE-2008-0272
Cross-site request forgery CSRF vulnerability in the aggregator module in Drupal 4.7.x before 4.7.11 and 5.x before 5.6 allows remote attackers to delete items from a feed as privileged users...