Lucene search
K

9 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:16 a.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.8AI score0.0035EPSS
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.29 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
CVE
CVE
added 2026/01/07 6:35 a.m.17 views

CVE-2025-14901

CVE-2025-14901 presented by Wordfence: The Bit Form – Contact Form Plugin for WordPress (all versions up to 2.21.6) has a logic flaw in the triggerWorkFlow AJAX action where nonce verification only blocks requests if both the nonce check fails and the user is logged in. This enables unauthenticat...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1556

Name of the Vulnerable Software and Affected Versions AMP for WP – Accelerated Mobile Pages plugin for WordPress versions up to and including 1.1.9 Description The software is susceptible to a Cross-Site Request Forgery CSRF issue. This is a result of flawed nonce verification within the amp them...

4.3CVSS6.1AI score0.00132EPSS
Exploits0References7
RedHat Linux
RedHat Linux
added 2025/08/01 5:42 p.m.5 views

kafka: Apache Kafka: SCRAM authentication vulnerable to replay attacks when used without encryption

A flaw was found in Apache Kafka's implementation of the Salted Challenge Response Authentication Mechanism SCRAM, which did not fully adhere to the requirements of RFC 5802. Specifically, as per RFC 5802, the server must verify that the nonce sent by the client in the second message matches the...

5.3CVSS7.3AI score0.00795EPSS
Exploits0References8
OSV
OSV
added 2025/01/23 10:15 a.m.5 views

CVE-2024-13511

The Variation Swatches for WooCommerce plugin, in all versions starting at 1.0.8 up until 1.3.2, contains a vulnerability due to improper nonce verification in its settings reset functionality. The issue exists in the settingsinit function, which processes a reset action based on specific query...

4.3CVSS5.8AI score0.00184EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2004/12/20 4:40 p.m.4 views

httpd mod_digest nonce not verified

moddigest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret...

7.5CVSS5.8AI score0.05562EPSS
Exploits0References4
Rows per page
Query Builder