Lucene search
K

385 matches found

EUVD
EUVD
added 2025/12/05 5:31 a.m.6 views

EUVD-2025-201385

The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...

4.3CVSS4.8AI score0.00133EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/12/05 12:0 a.m.8 views

PT-2025-49185

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the Xcloner Remote Storage:save function. This makes it possible for...

4.3CVSS5.3AI score0.00106EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/12/02 4:37 a.m.2 views

CVE-2025-13606 Export All Posts, Products, Orders, Refunds & Users <= 2.19 - Cross-Site Request Forgery to Sensitive Information Exposure

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.19. This is due to missing or incorrect nonce validation on the parseData function. This makes it possible for unauthenticated attackers...

6.5CVSS4.8AI score0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/12/02 12:0 a.m.6 views

PT-2025-48648

The SurveyJS: Drag & Drop WordPress Form Builder plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.12.20. This is due to missing nonce validation on the SurveyJS DeleteSurvey AJAX action. This makes it possible for unauthenticated attackers t...

4.3CVSS5.4AI score0.00129EPSS
Exploits0References4
NVD
NVD
added 2025/11/27 6:15 a.m.6 views

CVE-2025-13143

The Poll, Survey & Quiz Maker Plugin by Opinion Stage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.12.0. This is due to missing or insufficient nonce validation on the disconnectaccountaction function. This makes it possible for...

4.3CVSS0.00129EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/25 7:28 a.m.12 views

CVE-2025-13386 Social Images Widget <= 2.1 - Missing Authorization to Unauthenticated Arbitrary Plugin Settings Deletion

The Social Images Widget plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'optionsupdate' function in all versions up to, and including, 2.1. This makes it possible for unauthenticated attackers to delete the plugin's settings via a...

5.3CVSS0.00236EPSS
Exploits0References3
EUVD
EUVD
added 2025/11/11 6:30 a.m.8 views

EUVD-2025-60950

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

6.1CVSS4.5AI score0.00126EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/11/11 3:30 a.m.4 views

CVE-2025-12590 YSlider <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The YSlider plugin for WordPress is vulnerable to Cross-Site Request Forgery to Stored Cross-Site Scripting in all versions up to, and including, 1.1. This is due to missing nonce verification on the content configuration page and insufficient input sanitization and output escaping. This makes it...

6.1CVSS4.6AI score0.00126EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/11/11 3:30 a.m.9 views

CVE-2025-12588 USB Qr Code Scanner For Woocommerce <= 1.0.0 - Cross-Site Request Forgery to Settings Update

The USB Qr Code Scanner For Woocommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's settings...

4.3CVSS0.00131EPSS
Exploits0References3
CVE
CVE
added 2025/11/04 3:26 a.m.16 views

CVE-2025-12401

CVE-2025-12401 – Label Plugins (WordPress): The WordPress Label Plugins plugin (versions up to 0.5) is affected by Cross-Site Request Forgery due to missing or incorrect nonce validation in label_plugins_options(), enabling unauthenticated attackers to update settings and inject malicious scripts...

6.1CVSS5AI score0.00142EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/31 9:30 a.m.3 views

EUVD-2025-37309

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zfgetfilebyurl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary...

6.8CVSS5.2AI score0.00362EPSS
Exploits0References3
NVD
NVD
added 2025/10/31 8:15 a.m.3 views

CVE-2025-8385

The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.5. This is due to insufficient input validation in the zfgetfilebyurl function. This makes it possible for authenticated attackers, with subscriber-level access and above, to read arbitrary...

6.8CVSS0.00362EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/10/27 3:13 p.m.6 views

CVE-2025-34133 Wimi Teamwork < v7.38.17 CSRF

Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery CSRF vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...

7CVSS6.7AI score0.00231EPSS
Exploits0References3
NVD
NVD
added 2025/10/25 7:15 a.m.10 views

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

4.3CVSS0.00124EPSS
Exploits0References2
NVD
NVD
added 2025/10/24 9:15 a.m.8 views

CVE-2025-11992

The Multi Item Responsive Slider plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'mioptions.php' page. This makes it possible for unauthenticated attackers to update settings an...

6.1CVSS0.00191EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/24 8:23 a.m.6 views

EUVD-2025-35821

The Disable Content Editor For Specific Template plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0. This is due to missing nonce validation on template configuration updates. This makes it possible for unauthenticated attackers to add or...

4.3CVSS5AI score0.00122EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/10/16 8:33 a.m.6 views

CVE-2025-10300

The TopBar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.0. This is due to missing or incorrect nonce validation on the fmenbtopbarsavesettings function. This makes it possible for unauthenticated attackers to update the plugin's settin...

4.3CVSS5.2AI score0.00152EPSS
Exploits0References1
NVD
NVD
added 2025/10/15 9:15 a.m.10 views

CVE-2025-10301

The FunKItools plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.2. This is due to missing or incorrect nonce validation on the saveFields function. This makes it possible for unauthenticated attackers to update plugin settings via a forged...

4.3CVSS0.00122EPSS
Exploits0References2
CVE
CVE
added 2025/10/15 8:25 a.m.19 views

CVE-2025-10300

CVE-2025-10300 affects the WordPress TopBar plugin (versions

4.3CVSS4.9AI score0.00152EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/10/12 10:5 a.m.13 views

CVE-2025-9621

The WidgetPack Comment System plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.6.1. This is due to missing or incorrect nonce validation on the wpcmtsync action in the wpcmtrequesthandler function. This makes it possible for unauthenticated...

4.3CVSS5.2AI score0.00151EPSS
Exploits0References1
Rows per page
Query Builder