
13 matches found

ATTACKERKB
added 2026/03/07 7:22 a.m. · 1 view

CVE-2026-1087

The Guardian News Feed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

CVSS 4.3 · AI score 5.6 · EPSS 0.00016
Exploits: 0 · References: 4

NVD
added 2026/02/14 7:16 a.m. · 6 views

CVE-2025-14873

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

CVSS 4.3 · EPSS 0.00032
Exploits: 0 · References: 2

Vulnrichment
added 2026/02/14 6:42 a.m. · 2 views

CVE-2025-14873 LatePoint – Calendar Booking Plugin for Appointments and Events <= 5.2.5 - Cross-Site Request Forgery

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'callbyroutename' function in the routing layer only validating user capabilities without enforcing...

CVSS 4.3 · AI score 5.4 · EPSS 0.00032
Exploits: 0 · References: 2

WPVulnDB
added 2026/01/15 12:00 a.m. · 9 views

Dating <= 11.2.0 - Cross-Site Request Forgery

Description: The Dating theme for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 11.2.0. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perform an unauthorized action via a forged...

AI score 5.3
Exploits: 0 · References: 1

RedhatCVE
added 2026/01/09 9:26 a.m. · 3 views

CVE-2023-4923

The BEAR for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1.3.3. This is due to missing or incorrect nonce validation on the woobebulkoperationsdelete function. This makes it possible for unauthenticated attackers to delete products via a forged reques...

CVSS 5.4 · AI score 5.3 · EPSS 0.00069
Exploits: 0 · References: 1

Vulnrichment
added 2026/01/07 9:21 a.m. · 2 views

CVE-2025-13990 Mamurjor Employee Info <= 1.0.0 - Cross-Site Request Forgery to Arbitrary Employee and Related Data Manipulation

The Mamurjor Employee Info plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to create, update, or delete...

CVSS 4.3 · AI score 5 · EPSS 0.00018
Exploits: 0 · References: 7

Vulnrichment
added 2025/11/25 7:28 a.m. · 2 views

CVE-2025-12587 Peer Publish <= 1.0 - Cross-Site Request Forgery

The Peer Publish plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the website management pages. This makes it possible for unauthenticated attackers to add, modify, or delete website configuratio...

CVSS 4.3 · AI score 5.1 · EPSS 0.00011
Exploits: 0 · References: 3

Positive Technologies
added 2025/11/11 12:00 a.m. · 3 views

PT-2025-46278

Name of the Vulnerable Software and Affected Versions: WP-Walla plugin for WordPress versions up to and including 0.5.3.5 Description: The WP-Walla plugin for WordPress is susceptible to Cross-Site Request Forgery leading to Stored Cross-Site Scripting. This is a result of lacking nonce verificatio...

CVSS 6.1 · AI score 5.8 · EPSS 0.00021
Exploits: 0 · References: 7

Cvelist
added 2025/10/15 8:25 a.m. · 4 views

CVE-2025-10312 Theme Importer <= 1.0 - Cross-Site Request Forgery

The Theme Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation when processing form submissions in the theme-importer.php file. This makes it possible for unauthenticated attackers to trigger...

CVSS 4.3 · EPSS 0.00013
Exploits: 0 · References: 2

CVE
added 2025/08/26 9:06 a.m. · 12 views

CVE-2025-6247

CVE-2025-6247 affects the WordPress Automatic Plugin for WordPress (

CVSS 4.7 · AI score 6.1 · EPSS 0.00061
Exploits: 0 · References: 2

RedhatCVE
added 2025/05/22 8:49 p.m. · 4 views

CVE-2021-4425

The Defender Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.4.6. This is due to missing or incorrect nonce validation on the verifyotplogintime function. This makes it possible for unauthenticated attackers to verify a one time login...

CVSS 4.3 · AI score 5.8 · EPSS 0.00184
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 8:49 p.m. · 1 view

CVE-2021-4407

The Custom Banners plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.2.2. This is due to missing or incorrect nonce validation on the saveCustomFields function. This makes it possible for unauthenticated attackers to save custom fields via a forge...

CVSS 4.3 · AI score 5.8 · EPSS 0.00166
Exploits: 0 · References: 1

Positive Technologies
added 2023/10/19 12:00 a.m. · 2 views

PT-2023-31216 · WordPress · Bear

Name of the Vulnerable Software and Affected Versions: The BEAR for WordPress versions up to, and including, 1.1.3.3 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the woobe bulkoperations visibility function. This allows...

CVSS 4.3 · AI score 5.2 · EPSS 0.00122
Exploits: 0 · References: 6