Lucene search
K

5035 matches found

EUVD
EUVD
added last week6 views

EUVD-2026-40924

The RegistrationMagic – User Registration Forms Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.0.9.1. This is due to missing or incorrect nonce validation on the processrequest function. This makes it possible for unauthenticated...

8.8CVSS5.8AI score0.00205EPSS
Exploits0References6
CVE
CVE
added 2026/06/30 4:30 a.m.13 views

CVE-2026-8944

The CVE-2026-8944 affects the WordPress plugin IO Technologies’ Google Analytics plugin (versions

4.3CVSS5.6AI score0.00102EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 4:30 a.m.30 views

CVE-2026-8944 Plugin for Google Analytics by IO technologies <= 1.1 - Cross-Site Request Forgery via 'ga_id' Parameter

The Plugin for Google Analytics by IO technologies plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the Google Analytics settings page ga.php. This makes it possible for unauthenticated...

4.3CVSS0.00102EPSS
Exploits0References2
NVD
NVD
added 2026/06/27 2:16 a.m.9 views

CVE-2026-13422

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS0.00179EPSS
Exploits0References16
CVE
CVE
added 2026/06/27 1:27 a.m.19 views

CVE-2026-13422

The CVE concerns the WordPress plugin HD Quiz (WordPress) versions 2.2.0–2.2.1. The root cause is missing or incorrect nonce validation in the hdq_validate_nonce function, enabling Cross-Site Request Forgery. This allows unauthenticated attackers to delete or modify quizzes and questions, create ...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
Cvelist
Cvelist
added 2026/06/27 1:27 a.m.32 views

CVE-2026-13422 HD Quiz 2.2.0 - 2.2.1 - Cross-Site Request Forgery via Multiple AJAX Handlers

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS0.00179EPSS
Exploits0References16
EUVD
EUVD
added 2026/06/27 1:27 a.m.9 views

EUVD-2026-39932

The HD Quiz plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions 2.2.0 to 2.2.1. This is due to missing or incorrect nonce validation on the hdqvalidatenonce function. This makes it possible for unauthenticated attackers to delete or modify quizzes and questions, create ne...

4.3CVSS5.6AI score0.00179EPSS
Exploits0References16
NVD
NVD
added 2026/06/24 7:16 a.m.11 views

CVE-2026-9724

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS0.00145EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.12 views

CVE-2026-8617

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
NVD
NVD
added 2026/06/24 7:16 a.m.10 views

CVE-2026-6292

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.33 views

CVE-2026-11997 Bulk SEO Image <= 1.1 - Cross-Site Request Forgery to Settings Update

The Bulk SEO Image plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.1. This is due to missing or incorrect nonce validation on the plugin's settings page handler BulkSeoImage, which dispatches to launchbulk / BulkSeoImageGo whenever the request...

4.3CVSS0.00128EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/24 5:33 a.m.6 views

EUVD-2026-38676

The MP Customize Login Page plugin for WordPress is vulnerable to Cross-Site Request Forgery CSRF in all versions up to and including 1.0. This is due to a completely broken nonce validation in the entermpclploginoptions function, which contains an inverted check if wpverifynonce... return false;...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-8617 SearchPlus <= 1.7.1 - Missing Authorization to Unauthenticated Settings Modification and Deletion via searchplus_save_token & searchplus_reset_token AJAX Actions

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS0.00228EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.6 views

EUVD-2026-38674

The SearchPlus plugin for WordPress is vulnerable to unauthorized modification and deletion of data in versions up to, and including, 1.7.1. This is due to a missing capability check and missing nonce validation on the searchplussavetokenactioncallback and searchplusresettokenactioncallback...

5.3CVSS5.9AI score0.00228EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.12 views

CVE-2026-6292

CVE-2026-6292 affects the WordPress plugin MP Customize Login Page (versions ≤ 1.0). The issue is a CSRF vulnerability caused by a broken nonce validation in enter_mpclp_login_options() (inverted wp_verify_nonce() check and missing action parameter) and a settings-update handler hooked on init wi...

4.3CVSS5.8AI score0.00176EPSS
Exploits0References5
CVE
CVE
added 2026/06/24 5:33 a.m.12 views

CVE-2026-10552

The CVE-2026-10552 entry concerns the WordPress plugin Blue Captcha (versions up to 2.0.1). It documents a Cross-Site Request Forgery (CSRF) flaw caused by missing or incorrect nonce validation on the main admin page (blcap_main_page) and on Hall of Shame and Log subpages. These pages accept a bl...

4.3CVSS5.9AI score0.00146EPSS
Exploits0References6
EUVD
EUVD
added 2026/06/24 5:33 a.m.5 views

EUVD-2026-38665

The MotorDesk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the motordeskadminhome function. This makes it possible for unauthenticated attackers to update the plugin's...

4.3CVSS5.8AI score0.00145EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.9 views

EUVD-2026-38658

The Book a Room Event Calendar plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the settingsform/updatesettings functionality. The plugin's options page handler dispatches on the...

4.3CVSS5.8AI score0.00103EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/24 5:33 a.m.31 views

CVE-2026-8905 Osiris Signature Banner <= 0.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'prepend_text' Parameter

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS0.00135EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/24 5:33 a.m.8 views

EUVD-2026-38655

The Osiris Signature Banner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to update settings and inject malicious...

6.1CVSS5.8AI score0.00135EPSS
Exploits0References5
Rows per page
Query Builder