CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/02 7:48 a.m.•10 views

CVE-2026-9722 Laiser Tag <= 1.2.5 - Cross-Site Request Forgery to Plugin Settings Update via Settings Form

CVE•added 2026/06/02 7:48 a.m.•16 views

CVE-2026-9722

The CVE-2026-9722 entry concerns the WordPress plugin Laiser Tag, affected versions ≤ 1.2.5. The root cause is missing or incorrect nonce validation in the addOptionsPageFields function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to modify plugin settings (API key,...

EUVD•added 2026/06/02 7:48 a.m.•11 views

EUVD-2026-33899

ATTACKERKB•added 2026/06/02 7:48 a.m.•10 views

CVE-2026-9722

Cvelist•added 2026/06/02 7:48 a.m.•37 views

Exploits0References5

CVE-2026-8422 Remove meta boxes per user role <= 1.01 - Cross-Site Request Forgery to Settings Update

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

4.3CVSS0.00132EPSS

Exploits0References7

CVE•added 2026/06/02 7:48 a.m.•18 views

CVE-2026-9730

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...

EUVD•added 2026/06/02 7:48 a.m.•16 views

EUVD-2026-33898

4.3CVSS5.7AI score0.00132EPSS

Exploits0References7

EUVD•added 2026/06/02 7:48 a.m.•11 views

EUVD-2026-33896

The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...

ATTACKERKB•added 2026/06/02 7:48 a.m.•7 views

CVE-2026-9599

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

Vulnrichment•added 2026/06/02 7:48 a.m.•9 views

Exploits0References5

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

EUVD•added 2026/06/02 7:48 a.m.•10 views

EUVD-2026-33894

Cvelist•added 2026/06/02 7:48 a.m.•39 views

CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00128EPSS

CVE•added 2026/06/02 7:48 a.m.•15 views

CVE-2026-9599

The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...

Cvelist•added 2026/06/02 7:48 a.m.•39 views

CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

4.3CVSS0.00128EPSS

EUVD•added 2026/06/02 7:48 a.m.•10 views

EUVD-2026-33890

CVE•added 2026/06/02 7:48 a.m.•13 views

CVE-2026-9723

CVE-2026-9723 affects the WordPress plugin Google Plus One Bottom (versions