
6 matches found

Vulnrichment
added 2026/06/02 7:48 a.m. | 8 views

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

CVSS 4.3 | AI score 5.7 | EPSS 0.00131
Exploits: 0 | References: 5
NVD
added 2026/05/20 8:16 a.m. | 17 views

CVE-2026-6405

The Anomify AI – Anomaly Detection and Alerting plugin for WordPress is vulnerable to Cross-Site Request Forgery (CSRF) leading to Stored Cross-Site Scripting (XSS) in versions up to and including 0.3.6. This is due to missing nonce verification on the settings page handler and insufficient output...

CVSS 4.3 | EPSS 0.00168
Exploits: 0 | References: 7
Positive Technologies
added 2026/03/13 12:0 a.m. | 4 views

PT-2026-25147

wpDiscuz before 7.6.47 contains a cross-site request forgery vulnerability in the getFollowsPage function that allows attackers to trigger unauthorized actions without nonce validation. Attackers can craft malicious requests to enumerate follow relationships and manipulate user follow data by...

CVSS 5.3 | AI score 5.7 | EPSS 0.00153
Exploits: 0 | References: 3
CVE
added 2026/01/07 8:21 a.m. | 13 views

CVE-2025-13527

The CVE-2025-13527 entry covers the WordPress xShare plugin, with CSRF in xshare_plugin_reset() affecting all versions up to 1.0.1 due to missing nonce validation. The Wordfence report confirms that unauthenticated attackers could trigger a settings-reset action by delivering a forged request to ...

CVSS 4.3 | AI score 4.9 | EPSS 0.0014
Exploits: 0 | References: 3
CVE
added 2025/11/04 3:26 a.m. | 12 views

CVE-2025-12070

CVE-2025-12070 pertains to the WordPress ViaAds plugin up to version 2.1.1, where CSRF is possible due to missing nonce validation in the ViaAds_pluginHandler. This allows unauthenticated attackers to alter the plugin’s API key and cookie consent settings by sending forged requests that trick an ...

CVSS 4.3 | AI score 5.9 | EPSS 0.00149
Exploits: 0 | References: 3
CVE
added 2025/10/25 5:31 a.m. | 23 views

CVE-2025-12095

CVE-2025-12095 concerns the WordPress plugin Simple Registration for WooCommerce (up to version 1.5.8). The root cause is missing nonce validation on the role-requests admin page handler in includes/display-role-admin.php, enabling CSRF that can privilege-escalate via forged requests if an admin ...

CVSS 8.8 | AI score 5.3 | EPSS 0.00186
Exploits: 0 | References: 3