11 matches found

Vulnrichment
added 2026/05/28 6:45 a.m. · 4 views

CVE-2026-9618 PeachPay <= 1.120.46 - Cross-Site Request Forgery to Stripe Unlink

The PeachPay — Payments & Express Checkout for WooCommerce supports Stripe, PayPal, Square, Authorize.net, NMI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.120.46. This is due to missing or incorrect nonce validation on the...

CVSS 4.3 · AI score 5.7 · EPSS 0.00015
Exploits 0 · References 8

Vulnrichment
added 2026/01/24 7:26 a.m. · 3 views

CVE-2026-1081 Set Bulk Post Categories <= 1.1 - Cross-Site Request Forgery to Bulk Post Category Update

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

CVSS 4.3 · AI score 5.8 · EPSS 0.00009
Exploits 0 · References 3

ATTACKERKB
added 2026/01/24 7:26 a.m. · 3 views

CVE-2026-1081

The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...

CVSS 4.3 · AI score 5.8 · EPSS 0.00009
Exploits 0 · References 4

RedhatCVE
added 2025/11/12 3:47 a.m. · 4 views

CVE-2025-12590

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

CVSS 6.1 · AI score 4.8 · EPSS 0.00016
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-29011

Malicious code in bioql PyPI...

CVSS 6.1 · AI score 6.5 · EPSS 0.00026
Exploits 0 · References 5

RedhatCVE
added 2025/09/22 7:33 a.m. · 4 views

CVE-2025-9887

The Custom Login And Signup Widget plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation in the /frndzkadminclsw.php file. This makes it possible for unauthenticated attackers to change the...

CVSS 4.3 · AI score 5.3 · EPSS 0.00016
Exploits 0 · References 1

RedhatCVE
added 2025/08/25 5:32 a.m. · 1 views

CVE-2025-7839

The Restore Permanently delete Post or Page Data plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the rpdpodpaajaxdpdeletedata function. This makes it possible for unauthenticated...

CVSS 4.3 · AI score 6.7 · EPSS 0.00026
Exploits 0 · References 1

NVD
added 2025/08/21 6:15 a.m. · 3 views

CVE-2025-8592

The Inspiro theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.2. This is due to missing or incorrect nonce validation on the inspiroinstallplugin function. This makes it possible for unauthenticated attackers to install plugins from the...

CVSS 8.1 · EPSS 0.00037
Exploits 0 · References 5

NVD
added 2025/08/20 12:15 p.m. · 3 views

CVE-2025-8102

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...

CVSS 5.4 · EPSS 0.00028
Exploits 0 · References 4

RedhatCVE
added 2025/05/22 8:49 p.m. · 1 views

CVE-2021-4416

The wp-mpdf plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1. This is due to missing or incorrect nonce validation on the mpdfadminsavepost function. This makes it possible for unauthenticated attackers to save post data via a forged request...

CVSS 4.3 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 1

Positive Technologies
added 2024/10/25 12:0 a.m. · 4 views

PT-2024-39711 · WordPress · Amp For Wp – Accelerated Mobile Pages

Name of the Vulnerable Software and Affected Versions: AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to, and including, 1.0.99.1 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the proxy function. This allows...

CVSS 8.8 · AI score 6.6 · EPSS 0.0055
Exploits 0 · References 6