CVE-2026-6451

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

CVE-2026-4139

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...

CVE-2026-6690

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

CVE-2026-9014

The WP Promoter plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetstats function in versions up to, and including, 1.3. The function is hooked to both the wpajaxwpp-resetstats and wpajaxnoprivwpp-resetstats actions and contains n...

EUVD-2026-32073

The Two-factor authentication formerly IP Vault plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1. This is due to missing or incorrect nonce validation on the ipvsavechanges function. This makes it possible for unauthenticated attackers to...

WordPress plugin WishList Member 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

EUVD-2026-31038

The Child Height Predictor by Ostheimer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 1.3. This is due to missing nonce verification in the options function, which handles plugin settings updates. The form template does not include a...

WordPress plugin Amazon Scraper 跨站请求伪造漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVE-2026-6690

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lpupdatemds AJAX action in all versions up to, and including, 2.2.2. This is due to the wpajaxnoprivlpupdatemds action being registered without nonce verification or capability checks,...

WordPress plugin LifePress 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

PT-2026-39961

The LifePress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'n' parameter of the lp update mds AJAX action in all versions up to, and including, 2.2.2. This is due to the wp ajax nopriv lp update mds action being registered without nonce verification or capability...

CVE-2026-4650

The FundPress WordPress Donation Plugin (

CVE-2026-4139

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...

CVE-2026-4139 mCatFilter <= 0.5.2 - Cross-Site Request Forgery via compute_post() Function

The mCatFilter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to and including 0.5.2. This is due to the complete absence of nonce verification and capability checks in the computepost function, which processes settings updates. The computepost function is...

CVE-2026-6451

The cms-fuer-motorrad-werkstaetten plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.0.0. This is due to missing nonce validation on all eight AJAX deletion handlers: vehiclescfmwdvehicle, contactscfmwdcontact, supplierscfmwdsupplier,...

PT-2026-33055

Name of the Vulnerable Software and Affected Versions Product Pricing Table by WooBeWoo versions prior to 1.1.1 Description The Product Pricing Table by WooBeWoo plugin for WordPress is susceptible to Cross-Site Request Forgery. This issue occurs because of missing or incorrect nonce validation i...

Exploit for CVE-2026-1657

CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventP...

CVE-2026-3480

The CVE-2026-3480 entry concerns the WordPress plugin WP Blockade (versions up to and including 0.9.14). The vulnerability is a Missing Authorization flaw in the admin_post handler for the shortcode render path. The function render_shortcode_preview() does not perform any capability checks (no cu...

CVE-2025-14944

The Backup Migration plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 2.0.0. This is due to a missing capability check on the 'initializeOfflineAjax' function and lack of proper nonce verification. The endpoint only validates against hardcoded toke...

CVE-2025-15445

The Restaurant Cafeteria WordPress theme through 0.4.6 exposes insecure admin-ajax actions without nonce or capability checks, allowing any logged-in user, like subscriber, to perform privileged operations. An attacker can install and activate a from a user-supplied URL, leading to arbitrary PHP...