CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2026/06/09 3:41 a.m.•8 views

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

4.3CVSS5.4AI score0.00124EPSS

Cvelist•added 2026/06/09 3:41 a.m.•31 views

CVE-2026-8902 AJAX Report Comments <= 2.0.4 - Cross-Site Request Forgery to Settings Update

4.3CVSS0.00124EPSS

EUVD•added 2026/06/09 3:41 a.m.•9 views

EUVD-2026-35306

The WpMobi plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.3. This is due to missing or incorrect nonce validation on the handleSaveGeneralSettings function. This makes it possible for unauthenticated attackers to modify the plugin's...

4.3CVSS5.5AI score0.00128EPSS

Cvelist•added 2026/06/09 3:41 a.m.•32 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

4.3CVSS0.00128EPSS

CVE•added 2026/06/09 3:41 a.m.•18 views

CVE-2026-8902

CVE-2026-8902 affects the WordPress plugin “AJAX Report Comments” (versions ≤ 2.0.4). The vulnerability stems from missing or incorrect nonce validation on the rc_options_page function, enabling Cross‑Site Request Forgery. This allows unauthenticated attackers to forge requests and modify plugin ...

4.3CVSS5.4AI score0.00124EPSS

Vulnrichment•added 2026/06/09 3:41 a.m.•7 views

CVE-2026-8909 WpMobi <= 0.0.3 - Cross-Site Request Forgery via save_general_settings Action

4.3CVSS5.5AI score0.00128EPSS

CVE•added 2026/06/09 3:41 a.m.•15 views

CVE-2026-8909

WpMobi WordPress plugin (versions ≤ 0.0.3) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in handleSaveGeneralSettings. This allows unauthenticated attackers to modify General Settings and inject scripts into an administrator’s browser via unescaped app_name...

4.3CVSS5.5AI score0.00128EPSS

Vulnrichment•added 2026/06/09 3:41 a.m.•8 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

The WP-Ultimate-Map plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing nonce validation on the processinit function hooked to admininit, which saves plugin settings zoom-level, focus-lat, focus-lng, selplaces, selroutes v...

Cvelist•added 2026/06/09 3:41 a.m.•32 views

CVE-2026-8907 WP-Ultimate-Map <= 1.1 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'zoom-level' Parameter

6.1CVSS0.00119EPSS

EUVD•added 2026/06/09 3:41 a.m.•8 views

EUVD-2026-35304

CVE•added 2026/06/09 3:41 a.m.•20 views

CVE-2026-8907

CVE-2026-8907 affects the WordPress plugin WP-Ultimate-Map (versions ≤ 1.1). The root cause is missing nonce validation on the process_init() handler (hooked to admin_init), which saves settings (zoom-level, focus-lat, focus-lng, sel_places, sel_routes) based solely on a save-setting POST paramet...

Cvelist•added 2026/06/09 3:41 a.m.•32 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

The WP Meta Sort Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9. This is due to missing or incorrect nonce validation on the top-level included script in msp-options.php. This makes it possible for unauthenticated attackers to chan...

4.3CVSS0.00128EPSS

Exploits0References5

Vulnrichment•added 2026/06/09 3:41 a.m.•7 views

CVE-2026-8940 WP Meta Sort Posts <= 0.9 - Cross-Site Request Forgery to Plugin Settings Update

4.3CVSS5.4AI score0.00128EPSS

Exploits0References5

RedhatCVE•added 2026/06/09 2:58 a.m.•10 views

CVE-2026-11469

A flaw has been found in jishenghua jshERP up to 3.6. Impacted is the function insertPlatformConfig of the file jshERP-boot/src/main/java/com/jsh/erp/service/PlatformConfigService.java of the component platformConfig Add Endpoint. Executing a manipulation of the argument platformValue can lead to...

5.8CVSS5AI score0.00232EPSS

Positive Technologies•added 2026/06/09 12:0 a.m.•11 views

PT-2026-47680

Name of the Vulnerable Software and Affected Versions WP-Ultimate-Map versions prior to 1.2 Description The plugin is subject to Cross-Site Request Forgery CSRF and Stored Cross-Site Scripting XSS. The issue occurs because the process init function, which is hooked to admin init, fails to validat...

Positive Technologies•added 2026/06/09 12:0 a.m.•9 views

Exploits0References9

PT-2026-47679

Name of the Vulnerable Software and Affected Versions FastPicker versions prior to 1.0.3 Description The FastPicker plugin for WordPress is subject to Cross-Site Request Forgery. This occurs because the settingsPage function lacks proper nonce validation, which is a unique token used to verify th...

4.3CVSS5.3AI score0.00124EPSS

Exploits0References8

Vulnrichment•added 2026/06/09 12:0 a.m.•8 views

CVE-2026-39170

SemCms 5.0 is vulnerable to Cross Site Request Forgery CSRF via crafted POST request to /admin/semcmsuser.php...

5.5AI score0.00107EPSS

CNNVD•added 2026/06/09 12:0 a.m.•8 views

Adobe Campaign Classic 代码问题漏洞

Adobe Campaign Classic is a enterprise-level marketing automation and campaign management platform developed by Adobe Inc. Versions of Adobe Campaign Classic 7.4.3 build 9394 and earlier have code vulnerabilities that stem from server-side request forgery, which may lead to privilege escalation...

10CVSS5.5AI score0.00449EPSS

CNNVD•added 2026/06/09 12:0 a.m.•11 views

SEMCMS 跨站请求伪造漏洞

SEMCMS is an open-source content management system CMS for foreign trade websites that supports multiple languages. Version SEMCMS 5.0 has a cross-site request forgeing vulnerability, which stems from improper handling of POST requests directed to /admin/semcmsuser.php. This vulnerability may lea...

6.3CVSS5.1AI score0.00107EPSS