EUVD-2020-31048

P5 FNIP-8x16A FNIP-4xSH 1.0.20 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user interaction. Attackers can craft malicious web pages to add new admin users, change passwords, and modify system configurations by tricking...

CVE-2026-1633

The Synectix LAN 232 TRIO 3-Port serial to ethernet adapter exposes its web management interface without requiring authentication, allowing unauthenticated users to modify critical device settings or factory reset the device...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

Microhard IPn4G Cellular Gateways Cross-Site Request Forgery (CVE-2018-25149)

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2026-1632

MOMA Seismic Station Version v2.4.2520 and prior exposes its web management interface without requiring authentication, which could allow an unauthenticated attacker to modify configuration settings, acquire device data or remotely reset the device...

CVE-2026-1208

The Friendly Functions for Welcart plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.5. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to update plugin setting...

PT-2026-4579

The ZT Captcha plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.4. This is due to improper nonce validation on the save ztcpt captcha settings action where the nonce check can be bypassed by sending an empty token value. This makes it...

PT-2026-4591

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the msp admin page function. This makes it possible for unauthenticated attackers to modify plugin settings via a...

WordPress plugin Dokan: Access control error vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

CVE-2025-14482

The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...

CVE-2025-68707

An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...

CVE-2021-31929

Annex Cloud Loyalty Experience Platform 2021.1.0.1 allows any authenticated attacker to modify loyalty campaigns and settings, such as fraud prevention, coupon groups, email templates, or referrals...

CVE-2025-14465

CVE-2025-14465 : The Sticky Action Buttons plugin for WordPress (all versions up to 1.1) is vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in sabs_options_page_form_submit(). This allows unauthenticated attackers to update plugin settings by inducing a site ...

CVE-2024-2038

The Visual Website Collaboration, Feedback & Project Management – Atarim plugin for WordPress is vulnerable to unauthorized access in all versions up to, and including, 3.22.6. This is due to the use of hardcoded credentials to authenticate all the incoming API requests. This makes it possible fo...

CVE-2020-36904 Selea CarPlateServer 4.0.1.6 Remote Program Execution via Configuration Endpoint

Selea CarPlateServer 4.0.1.6 contains a remote program execution vulnerability that allows attackers to execute arbitrary Windows binaries by manipulating the NOLISTEXEPATH configuration parameter. Attackers can bypass authentication through the /cps/ endpoint and modify server configuration,...

CVE-2024-58337

CVE-2024-58337 affects the Akuvox Smart Intercom S539. The vulnerability is an improper access control in the ServicesHTTPAPI that lets users with 'User' privileges modify API access settings and configurations, enabling privilege escalation to administrative functionalities. The CVSS details ind...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2018-25149

Microhard Systems IPn4G 1.1.0 contains a cross-site request forgery vulnerability that allows attackers to perform administrative actions without user consent. Attackers can craft malicious web pages to change admin passwords, add new users, and modify system settings by tricking authenticated...

CVE-2018-25140 FLIR Thermal Traffic Cameras V1.01-0bb5b27 Unauthenticated Websocket Device Manipulation

FLIR thermal traffic cameras contain an unauthenticated device manipulation vulnerability in their WebSocket implementation that allows attackers to bypass authentication and authorization controls. Attackers can directly modify device configurations, access system information, and potentially...

CVE-2025-13880 WP Social Ninja - Embed Social Feeds, Customer Reviews, Chat Widgets (Google Reviews, YouTube Feed, Photo Feeds, and More) <= 4.0.1 - Missing Authorization to Unauthenticated Plugin's Settings Disclosure And Modification

The WP Social Ninja – Embed Social Feeds, Customer Reviews, Chat Widgets Google Reviews, YouTube Feed, Photo Feeds, and More plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the getAdvanceSettings and saveAdvanceSettings...