Lucene search
K

256 matches found

Vulnrichment
Vulnrichment
added 2026/03/06 11:22 p.m.6 views

CVE-2026-1644 WP Frontend Profile <= 1.3.8 - Cross-Site Request Forgery to Unauthorized User Account Approval or Rejection

The WP Frontend Profile plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.8. This is due to missing nonce validation on the 'updateaction' function. This makes it possible for unauthenticated attackers to approve or reject user account...

4.3CVSS5.8AI score0.0016EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/03/05 3:41 p.m.8 views

CVE-2026-30789 RustDesk Auth Proof Uses Server-Controlled Salt/Challenge and Fast Double-SHA256, Enabling Offline Brute-Force

Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Password Brute Forcing. T...

5.7CVSS5.9AI score0.00269EPSS
Exploits1References3
CVE
CVE
added 2026/03/05 3:41 p.m.27 views

CVE-2026-30789

CVE-2026-30789 concerns the RustDesk Client (rustdesk-client) across Windows, macOS, Linux, iOS, and Android. It enables an authentication bypass via capture-replay and the use of a password hash with insufficient computational effort, by reusing Session IDs (session replay) in login and peer aut...

9.8CVSS5.9AI score0.00269EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2026/02/17 6:16 a.m.13 views

CVE-2026-1657

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the uploadfilemedia AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, or...

5.3CVSS0.00379EPSS
Exploits3References6
RedhatCVE
RedhatCVE
added 2026/02/15 7:10 a.m.13 views

CVE-2026-1394

The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS5.3AI score0.00153EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/02/14 6:42 a.m.31 views

CVE-2026-1394 WP Quick Contact Us <= 1.0 - Cross-Site Request Forgery to Settings Update

The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS0.00153EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/14 6:42 a.m.3 views

CVE-2025-14852

The MDirector Newsletter plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.8. This is due to missing nonce verification on the mdirectorNewsletterSave function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.4AI score0.00163EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.7 views

PT-2026-8074

The WP Quick Contact Us plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings vi...

4.3CVSS5.3AI score0.00153EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.10 views

PT-2026-8059

The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 5.2.5. This is due to the 'call by route name' function in the routing layer only validating user capabilities without enforci...

4.3CVSS5.3AI score0.00143EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/02/11 8:26 a.m.6 views

CVE-2026-1215

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

4.3CVSS5.4AI score0.0016EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/02/11 8:26 a.m.5 views

CVE-2026-1215 MMA Call Tracking <= 2.3.15 - Cross-Site Request Forgery to Plugin Settings Update

The MMA Call Tracking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.15. This is due to missing nonce validation when saving plugin configuration on the mmacalltrackingmenu admin page. This makes it possible for unauthenticated attackers...

4.3CVSS5.4AI score0.0016EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/02/06 8:25 a.m.6 views

CVE-2026-1785

The Code Snippets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.9.4. This is due to missing nonce validation on the cloud snippet download and update actions in the CloudSearchListTable class. This makes it possible for unauthenticated...

4.3CVSS5.5AI score0.00191EPSS
Exploits0References7
CVE
CVE
added 2026/01/28 1:26 p.m.20 views

CVE-2025-14795

CVE-2025-14795 affects the Stop Spammers Classic WordPress plugin. It is a CSRF vulnerability caused by missing nonce validation in the ss_addtoallowlist class, enabling unauthenticated attackers to add email addresses to the spam allowlist via forged requests, if a site admin is tricked into cli...

4.3CVSS5.9AI score0.0016EPSS
Exploits0References4
NVD
NVD
added 2026/01/28 12:15 p.m.14 views

CVE-2026-1380

The Bitcoin Donate Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the settings page. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

4.3CVSS0.00124EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/28 11:23 a.m.32 views

CVE-2025-14616 Recooty <= 1.0.6 - Cross-Site Request Forgery to Settings Update

The Recooty – Job Widget Old Dashboard plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.6. This is due to missing nonce validation on the recootysavemaybe function. This makes it possible for unauthenticated attackers to update the...

4.3CVSS0.00128EPSS
Exploits0References5
CVE
CVE
added 2026/01/28 7:27 a.m.14 views

CVE-2026-1054

The CVE-2026-1054 entry corresponds to the RegistrationMagic WordPress plugin and is supported by multiple connected sources (Wordfence, PatchStack, CVE List). The detail across these sources states that versions up to and including 6.0.7.4 are vulnerable due to missing nonce verification and mis...

5.3CVSS6AI score0.00232EPSS
Exploits0References3
NVD
NVD
added 2026/01/24 9:15 a.m.8 views

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS0.00107EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/01/24 8:26 a.m.3 views

CVE-2025-14907

The Moderate Selected Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.4. This is due to missing nonce verification on the mspadminpage function. This makes it possible for unauthenticated attackers to modify plugin settings via a forg...

4.3CVSS5.8AI score0.00107EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.31 views

CVE-2026-1076 Star Review Manager <= 1.2.2 - Cross-Site Request Forgery to Settings Update

The Star Review Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.2. This is due to missing nonce validation on the settings page. This makes it possible for unauthenticated attackers to update the plugin's CSS settings via a forged...

4.3CVSS0.00158EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/01/24 7:26 a.m.30 views

CVE-2025-14906 WP Youtube Video Gallery <= 1.0 - Cross-Site Request Forgery to Plugin Settings Update

The WP Youtube Video Gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing nonce verification on the wpYTVideoGallerySettingSave function. This makes it possible for unauthenticated attackers to modify plugin...

4.3CVSS0.00132EPSS
Exploits0References2
Rows per page
Query Builder