89459 matches found
CVE-2026-9730
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to 1.0 due to missing/incorrect nonce validation on gmz_comment_settings_save, allowing unauthenticated attackers to modify the plugin’s comment-display setting via a forged reque...
EUVD-2026-33898
The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...
EUVD-2026-33896
The Remove NoFollow Commenter URL plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the gmzcommentsettingssave function. This makes it possible for unauthenticated attackers to modify...
CVE-2026-9599
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
EUVD-2026-33894
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
CVE-2026-9599 Tectite Forms <= 1.3 - Cross-Site Request Forgery to Settings Update
The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admininit function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...
CVE-2026-9599
The CVE-2026-9599 entry describes a CSRF vulnerability in the WordPress Tectite Forms plugin (versions up to and including 1.3) caused by missing or incorrect nonce validation in admin_init. This allows unauthenticated attackers to modify plugin settings (e.g., tectite_forms_button) through forge...
CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...
EUVD-2026-33890
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...
CVE-2026-9723
CVE-2026-9723 affects the WordPress plugin Google Plus One Bottom (versions
CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page
The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...
CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change
The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...
EUVD-2026-33888
The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...
CVE-2026-4071
The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...
CVE-2026-4071
The BirdSeed WordPress plugin is affected by a Cross-Site Request Forgery in all versions up to and including 2.2.0. The root cause is missing nonce validation in the birdseed_plugin_settings_page() function, which processes the birdseed_token GET parameter and saves it via update_option() withou...
CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change
The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the Import function in the TTS Configuration Endpoint. An attacker can access internal resources or services by sending crafted requests through the vulnerable endpoint. Remediation Upgrade...
CVE-2026-10583
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.11.3. Affected by this issue is the function Import of the file internal/http/ttsconfig.go of the component TTS Configuration Endpoint. The manipulation leads to server-side request forgery. It is possible to initiate t...
CVE-2026-10581
A flaw has been found in DedeCMS 5.7.88. Affected by this vulnerability is the function base64decode of the file /plus/download.php?open=1. This manipulation of the argument Link causes server-side request forgery. Remote exploitation of the attack is possible. The exploit has been published and...