89765 matches found
CVE-2026-6702
The Publish 2 Ping.fm plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This makes it possible for unauthenticated attackers t...
CVE-2026-6700
The DX Sources plugin for WordPress is affected up to version 2.0.1 by a Cross-Site Request Forgery due to missing or incorrect nonce validation in the settings_page_build function. This allows unauthenticated attackers to entice a logged-in administrator to submit a forged request that can modif...
CVE-2026-6700 DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...
CVE-2026-6700 DX Sources <= 2.0.1 - Cross-Site Request Forgery to Settings Update
The DX Sources plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.1. This is due to missing or incorrect nonce validation on the settingspagebuild function. This makes it possible for unauthenticated attackers to trick a logged-in...
CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-6701
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
CVE-2026-6701
The WordPress addfreespace plugin (versions ≤ 0.1.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation, allowing unauthenticated attackers to modify settings and inject stored scripts via a forged request, by convincing an admin to perform an action. Root cause...
CVE-2026-6701 addfreespace <= 0.1.3 - Cross-Site Request Forgery to Stored Cross-Site Scripting via Settings Page
The addfreespace plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.1.3. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious web scrip...
SUSE CVE-2026-40682
XML External Entity XXE via Unsanitized Dictionary Parsing in Apache OpenNLP DictionaryEntryPersistor Versions Affected: before 2.5.9, before 3.0.0-M3 Description: The DictionaryEntryPersistor class initializes a static SAXParserFactory at class-load time without enabling FEATURESECUREPROCESSING ...
CLSA-2026-1777945456 httpd: Fix of 2 CVEs
CVE-2024-42516: fix HTTP response splitting in core httpd via header merging refactor in modules/http/httpfilters.c - CVE-2024-43204: fix SSRF in modproxy when modheaders is configured to modify Content-Type from request input...
NPM: Axios: no_proxy bypass via IP alias allows SSRF
NPM: Axios: noproxy bypass via IP alias allows SSRF vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
EUVD-2026-25607
Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion...
NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in `withXSRFToken` Boolean Coercion
NPM: Axios: XSRF Token Cross-Origin Leakage via Prototype Pollution Gadget in withXSRFToken Boolean Coercion vulnerability discovered by ? in WordPress Npm axios versions = 0.31.0...
PT-2026-36960
Name of the Vulnerable Software and Affected Versions Publish 2 Ping.fm plugin for WordPress versions prior to 1.2 Description Cross-Site Request Forgery occurs due to missing or incorrect nonce validation on the '/wp-admin/options-general.php?page=admin.php' page. This allows unauthenticated...
PT-2026-36958
Name of the Vulnerable Software and Affected Versions DX Sources versions prior to 2.0.2 Description The DX Sources plugin for WordPress is subject to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into performing actions they did not intend to. This occurs due to missi...
PT-2026-37253
Name of the Vulnerable Software and Affected Versions Admidio versions prior to 5.0.9 Description An incomplete fix for Server-Side Request Forgery SSRF in the fetch metadata.php file allows for DNS rebinding. The system validates the resolved IP address but passes the original hostname-based URL...
WordPress plugin DX Sources 跨站请求伪造漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...
OpenClaw 安全漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.10 contained security vulnerabilities. These vulnerabilities were due to a bypass of server-side request forgery tactics in the existing session browser interaction routing...
WordPress plugin Gutenverse – Ultimate WordPress FSE Blocks Addons & Ecosystem 代码问题漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
WordPress plugin Subscribe To Comments Reloaded 信息泄露漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. Versions...