CVE-2026-9618

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net, NMI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the...

CVE-2025-14873

The CVE-2025-14873 CSRF vulnerability exists in LatePoint for WordPress (up to version 5.2.5). It arises because call_by_route_name does not enforce nonce verification, allowing unauthenticated attackers to induce site administrators to perform actions via forged requests. Remediation: update to ...

CVE-2025-14873

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

WordPress Coil Web Monetization plugin Cross-Site Request Forgery Vulnerability

The WordPress Coil Web Monetization plugin is a WordPress plugin that allows websites to monetize content through the WebMonetizationAPI, which allows users to pay content creators directly through a browser extension. The WordPress Coil Web Monetization plugin suffers from a cross-site request...

WordPress plugin FunKItools 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress plugin is an application plugin. WordPress FunKItools plugin has a cross-site request forgery vulnerability that stems from a missing or incorrect random number validation of the saveFields function, which can ...

PT-2025-40472

Name of the Vulnerable Software and Affected Versions PayPal Forms plugin for WordPress versions up to and including 1.0.3 Description The PayPal Forms plugin for WordPress is susceptible to Cross-Site Request Forgery. This is a result of a lack of nonce validation during form creation and...

WordPress WP Post Hide Cross-Site Request Forgery Vulnerability

WordPress WP Post Hide is a plugin for controlling the visibility of WordPress posts, hiding the display of specific posts in different locations such as the home page, category pages, and search results pages. WordPress WP Post Hide suffers from a cross-site request forgery vulnerability, which...

CVE-2024-12279

The WP Social AutoConnect plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a...

WordPress Satoshi Cross-Site Request Forgery Vulnerability

WordPress is a blogging platform based on the PHP language, which can be used to set up a website on a server that supports PHP and MySQL databases, and can also be used as a content management system CMS. Cross-site request forgery vulnerability exists in WordPress Satoshi, where an attacker,...