Lucene search
+L

648 matches found

EUVD
EUVD
added 2026/06/01 9:4 a.m.13 views

EUVD-2026-33615

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupesave create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

8.8CVSS5.8AI score0.00273EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45362

SOPlanning is vulnerable to Cross‑Site Request Forgery CSRF in groupe save create, modify and delete endpoints. An attacker can craft a malicious website that, when visited by an authenticated user, automatically sends a forged GET or POST request to the application. This issue affects SOPlanning...

5.1CVSS5.8AI score0.00182EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 4:16 p.m.19 views

CVE-2018-25387

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS0.00175EPSS
Exploits0References4
CVE
CVE
added 2026/05/29 2:46 p.m.19 views

CVE-2018-25387

HaPe PKH 1.1 is affected by a cross-site request forgery (CSRF) vulnerability in the aksi_user.php endpoint that enables an attacker to change administrator passwords without authentication by submitting forged requests with parameters such as id_user, password, and level. The vulnerability descr...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/29 2:46 p.m.15 views

EUVD-2018-21909

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 2:46 p.m.13 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/05/29 2:46 p.m.35 views

CVE-2018-25387 HaPe PKH 1.1 Cross-Site Request Forgery via aksi_user.php

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksiuser.php script with parameters like iduser, password, and leve...

6.9CVSS0.00175EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.10 views

PT-2026-44865

HaPe PKH 1.1 contains a cross-site request forgery vulnerability that allows attackers to change administrator passwords by submitting forged requests to the user update endpoint. Attackers can craft malicious forms targeting the aksi user.php script with parameters like id user, password, and...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

Sitejo HaPe PKH 跨站请求伪造漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains a cross-site request forgeing vulnerability. This vulnerability stems from the lack of verification of the request source, which may allow attacker...

6.9CVSS5.7AI score0.00175EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/27 7:45 a.m.12 views

CVE-2026-8906

The WP Promoter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scripts...

6.1CVSS5.7AI score0.00119EPSS
Exploits0References6
EUVD
EUVD
added 2026/05/27 5:31 a.m.13 views

EUVD-2026-32085

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/27 5:31 a.m.16 views

CVE-2026-7614 Old Posts Highlighter <= 1.0.3 - Cross-Site Request Forgery to Settings Update

The Old Posts Highlighter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing or incorrect nonce validation on the OPHoptions function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
EUVD
EUVD
added 2026/05/27 5:31 a.m.12 views

EUVD-2026-32073

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

4.3CVSS5.7AI score0.00139EPSS
Exploits0References4
CVE
CVE
added 2026/05/27 5:31 a.m.22 views

CVE-2026-8939

The CVE-2026-8939 entry concerns the WordPress plugin Search Simple Fields (

4.3CVSS5.7AI score0.0014EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43568

Cross-site request forgery CSRF vulnerabilities allow attackers to exploit a user's authenticated session to forge cross-site requests, inducing the execution of unintended operations such as tampering with configuration data...

5.3CVSS5.8AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43537

The GoStats for WordPress plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing or incorrect nonce validation on the gostats manage function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.8 views

ZTE ZXUniPOS NDS-LTE 安全漏洞

ZTE ZXUniPOS NDS-LTE is an operator network positioning platform developed by ZTE Corporation. ZTE ZXUniPOS NDS-LTE has a security vulnerability. This vulnerability stems from cross-site request forgery, which allows attackers to forge cross-site requests using authenticated user sessions, thereb...

5.3CVSS5.7AI score0.00109EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.17 views

PT-2026-43495

The CM Ad Changer – A simple tool to control and optimize your site's banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.7. This is due to missing or incorrect nonce validation on the cmac campaigns action function. This makes it...

4.3CVSS5.9AI score0.00128EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.18 views

PT-2026-43534

The auto making JSON-LD plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.3. This is due to missing or incorrect nonce validation on the amJL certification function. This makes it possible for unauthenticated attackers to update the plugin'...

4.3CVSS5.7AI score0.0014EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/05/23 8:12 a.m.21 views

CVE-2026-4070

The Alfie – Feed Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the alfiemanage function which handles feed deletion via the 'delete' GET parameter. This makes it possible for...

4.3CVSS5.9AI score0.00164EPSS
Exploits0References1
Rows per page
Query Builder