Lucene search
+L

371 matches found

Positive Technologies
Positive Technologies
added 2025/09/17 12:0 a.m.12 views

PT-2025-38102

Name of the Vulnerable Software and Affected Versions: USS Upyun plugin for WordPress versions prior to 1.5.1 Description: The USS Upyun plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to missing or incorrect nonce validation within the uss setting page...

4.3CVSS6.2AI score0.00156EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/09/13 7:25 a.m.10 views

CVE-2025-8481

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfeinstallactivaterswpbsonly function. This makes it possible for unauthenticated...

4.3CVSS5.7AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/09/12 7:11 a.m.5 views

CVE-2025-9622

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...

4.3CVSS5.5AI score0.00157EPSS
Exploits0References1
NVD
NVD
added 2025/09/11 8:15 a.m.11 views

CVE-2025-9631

The AutoCatSet plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.4. This is due to missing or incorrect nonce validation on the autocatsetajax function. This makes it possible for unauthenticated attackers to trigger automatic...

4.3CVSS0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.4 views

CVE-2025-8481 Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid <= 1.1.7 - Cross-Site Request Forgery

The Blog Designer For Elementor – Post Slider, Post Carousel, Post Grid plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 1.1.7. This is due to missing or incorrect nonce validation on the bdfeinstallactivaterswpbsonly function. This makes it possible for unauthenticated...

4.3CVSS5.3AI score0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.5 views

CVE-2025-9623 Admin in English with Switch <= 1.1 - Cross-Site Request Forgery

The Admin in English with Switch plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the enableeng function. This makes it possible for unauthenticated attackers to modify administrator...

4.3CVSS4.8AI score0.00151EPSS
Exploits0References3
CVE
CVE
added 2025/09/11 7:24 a.m.17 views

CVE-2025-9635

CVE-2025-9635 affects the Analytics Reduce Bounce Rate plugin for WordPress (versions up to 2.3). The flaw is a Cross-Site Request Forgery due to missing or incorrect nonce validation on the unbounce_options function, enabling unauthenticated attackers to modify Google Analytics tracking settings...

4.3CVSS4.8AI score0.00151EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/09/11 7:24 a.m.3 views

CVE-2025-9635 Analytics Reduce Bounce Rate <= 2.3 - Cross-Site Request Forgery

The Analytics Reduce Bounce Rate plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the unbounceoptions function. This makes it possible for unauthenticated attackers to modify Google...

4.3CVSS4.8AI score0.00151EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/09/11 12:0 a.m.8 views

PT-2025-37145

The Seo Monster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.3.3. This is due to missing or incorrect nonce validation on the check integration function. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS5.3AI score0.00141EPSS
Exploits0References4
Cvelist
Cvelist
added 2025/09/10 6:38 a.m.12 views

CVE-2025-9622 WP Blast | SEO & Performance Booster <= 1.8.6 - Cross-Site Request Forgery to Cache Clearing

The WP Blast | SEO & Performance Booster plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.8.6. This is due to missing or incorrect nonce validation on multiple administrative actions in the Settings class. This makes it possible for...

4.3CVSS0.00157EPSS
Exploits0References6
CVE
CVE
added 2025/09/10 6:38 a.m.14 views

CVE-2025-9622

The CVE-2025-9622 entry concerns WP Blast | SEO & Performance Booster for WordPress (WPBlast) with Cross-Site Request Forgery in versions up to 1.8.6 due to missing/incorrect nonce validation in the Settings class. Attack scenario: unauthenticated attackers can trigger cache purging, sitemap clea...

4.3CVSS5AI score0.00157EPSS
Exploits0References6
CVE
CVE
added 2025/09/10 6:38 a.m.28 views

CVE-2025-9888

CVE-2025-9888 affects the Maspik – Ultimate Spam Protection WordPress plugin. According to connected sources, versions up to and including 2.5.6 are vulnerable to Cross-Site Request Forgery due to missing or incorrect nonce validation in the clear_log function. This (unauthenticated) vulnerabilit...

4.3CVSS4.7AI score0.00156EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/09/10 12:0 a.m.14 views

PT-2025-37024

Name of the Vulnerable Software and Affected Versions: Maspik – Ultimate Spam Protection plugin for WordPress versions through 2.5.6 Description: The Maspik – Ultimate Spam Protection plugin for WordPress is susceptible to a Cross-Site Request Forgery issue. This is due to insufficient or incorre...

4.3CVSS5.9AI score0.00156EPSS
Exploits0References7
OSV
OSV
added 2025/09/09 8:42 p.m.6 views

GHSA-RF24-WG77-GQ7W listmonk: CSRF to XSS Chain can Lead to Admin Account Takeover

Summary Cross-Site Request Forgery CSRF is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated. With a little help of social engineering such as sending a link via email or chat, an attacker may trick the users of a web...

8.6CVSS6.3AI score0.00127EPSS
Exploits1References3
Cvelist
Cvelist
added 2025/08/29 4:25 a.m.9 views

CVE-2025-9374 Ultimate Tag Warrior Importer <= 0.2 - Cross-Site Request Forgery

The Ultimate Tag Warrior Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.2. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to import tags granted they can...

4.3CVSS0.00124EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/08/20 11:26 a.m.6 views

CVE-2025-8102 Easy Digital Downloads <= 3.5.0 - Cross-Site Request Forgery to Plugin Deactivation via edd_sendwp_disconnect and edd_sendwp_remote_install Functions

The Easy Digital Downloads plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.0. This is due to missing nonce validations in the eddsendwpdisconnect and eddsendwpremoteinstall functions. This makes it possible for unauthenticated attackers t...

5.4CVSS6.5AI score0.00151EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/08/18 4:31 a.m.9 views

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.0017EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/08/17 8:29 a.m.12 views

CVE-2025-7688

The Add User Meta plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.1. This is due to missing or incorrect nonce validation on the 'add-user-meta' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS6.7AI score0.00151EPSS
Exploits0References1
NVD
NVD
added 2025/08/16 4:16 a.m.7 views

CVE-2025-7683

The LatestCheckins plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1. This is due to missing or incorrect nonce validation on the 'LatestCheckins' page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.0017EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/16 3:38 a.m.10 views

CVE-2025-7686 weichuncai(WP伪春菜) <= 1.5 - Cross-Site Request Forgery to Stored Cross-Site Scripting

The weichuncaiWP伪春菜 plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the sm-options.php page. This makes it possible for unauthenticated attackers to update settings and inject...

6.1CVSS0.00136EPSS
Exploits0References2
Rows per page
Query Builder