Lucene search
K

89765 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6702

The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...

6.1CVSS5.7AI score0.0012EPSS
Exploits0References8
CVE
CVE
added 2026/05/05 2:26 a.m.13 views

CVE-2026-6700

The DX Sources plugin for WordPress is affected up to version 2.0.1 by a Cross-Site Request Forgery due to missing or incorrect nonce validation in the settings_page_build function. This allows unauthenticated attackers to entice a logged-in administrator to submit a forged request that can modif...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.4 views

CVE-2026-6700 DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update

The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.41 views

CVE-2026-6700 DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update

The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...

4.3CVSS0.00128EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/05 2:26 a.m.6 views

CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References11
ATTACKERKB
ATTACKERKB
added 2026/05/05 2:26 a.m.5 views

CVE-2026-6701

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References12
CVE
CVE
added 2026/05/05 2:26 a.m.13 views

CVE-2026-6701

The WordPress addfreespace plugin (versions ≤ 0.1.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation, allowing unauthenticated attackers to modify settings and inject stored scripts via a forged request, by convincing an admin to perform an action. Root cause...

4.3CVSS5.7AI score0.00158EPSS
Exploits0References11
Cvelist
Cvelist
added 2026/05/05 2:26 a.m.52 views

CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page

The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...

4.3CVSS0.00158EPSS
Exploits0References11
SUSE CVE
SUSE CVE
added 2026/05/05 1:45 a.m.11 views

SUSE CVE-2026-40682

XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...

9.1CVSS5.8AI score0.00515EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 1:44 a.m.6 views

CLSA-2026-1777945456 httpd: Fix of 2 CVEs

CVE-2024-42516: fix HTTP response splitting in core httpd via header merging refactor in modules/http/httpfilters.c - CVE-2024-43204: fix SSRF in modproxy when modheaders is configured to modify Content-Type from request input...

7.5CVSS5.8AI score0.00772EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/05 12:40 a.m.10 views

NPM: Axios: no_proxy bypass via IP alias allows SSRF

NPM: Axios: noproxy bypass via IP alias allows SSRF vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

7.5CVSS5.8AI score0.00301EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/05/05 12:25 a.m.4 views

EUVD-2026-25607

Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References2
Patchstack
Patchstack
added 2026/05/05 12:25 a.m.8 views

NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion

NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...

5.4CVSS5.8AI score0.00228EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.16 views

PT-2026-36960

Name of the Vulnerable Software and Affected Versions Publish 2 Ping.fm plugin for WordPress versions prior to 1.2 Description Cross-Site Request Forgery occurs due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This allows unauthenticated...

6.1CVSS5.8AI score0.0012EPSS
Exploits0References13
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.10 views

PT-2026-36958

Name of the Vulnerable Software and Affected Versions DX Sources versions prior to 2.0.2 Description The DX Sources plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missi...

4.3CVSS5.8AI score0.00128EPSS
Exploits0References11
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.14 views

PT-2026-37253

Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An incomplete fix for Server-Side Request Forgery SSRF in the fetch metadata.php file allows for DNS rebinding. The system validates the resolved IP address but passes the original hostname-based URL...

6.8CVSS5.8AI score0.00236EPSS
Exploits1References7
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.7 views

WordPress plugin DX Sources 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.3CVSS5.7AI score0.00128EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of server-side request forgery tactics in the existing session browser interaction routing...

7.7CVSS5.8AI score0.00253EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.8 views

WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

6.4CVSS6AI score0.00151EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/05 12:0 a.m.9 views

WordPress plugin Subscribe To Comments Reloaded 信息泄露漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...

6.5CVSS5.8AI score0.00227EPSS
Exploits0References1
Rows per page
Query Builder