CVE-2026-9723 Google Plus One Bottom <= 0.0.2 - Cross-Site Request Forgery to Plugin Settings Update via Settings Page

The Google Plus One Bottom plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.0.2. This is due to missing or incorrect nonce validation on the googlePlusOneAdmin function. This makes it possible for unauthenticated attackers to modify the...

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

CVE-2026-4071 BirdSeed <= 2.2.0 - Cross-Site Request Forgery via BirdSeed Token Change

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

CVE-2026-4071

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

CVE-2026-4071

The BirdSeed WordPress plugin is affected by a Cross-Site Request Forgery in all versions up to and including 2.2.0. The root cause is missing nonce validation in the birdseed_plugin_settings_page() function, which processes the birdseed_token GET parameter and saves it via update_option() withou...

EUVD-2026-33888

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseedpluginsettingspage function. The function processes the 'birdseedtoken' GET parameter and saves it to the database via...

Exploit for CVE-2026-8732

WP Maps Pro Unauthenticated Stored Cross-Site Scripting CVE-2...

PT-2026-45714

Name of the Vulnerable Software and Affected Versions Google Plus One Bottom versions prior to 0.0.3 Description The Google Plus One Bottom plugin for WordPress is susceptible to Cross-Site Request Forgery CSRF, a flaw where an attacker tricks a victim into executing unwanted actions. This occurs...

PT-2026-45715

Name of the Vulnerable Software and Affected Versions Remove NoFollow Commenter URL versions prior to 1.1 Description The plugin is subject to Cross-Site Request Forgery due to missing or incorrect nonce validation in the gmz comment settings save function. This allows unauthenticated attackers t...

PT-2026-45711

The JTL-Connector for WooCommerce plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.4.1. This is due to missing capability checks and nonce verification on the admin post settings save woo-jtl-connector action handled by JtlConnectorAdmin::save and on...

PT-2026-45706

The BirdSeed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.2.0. This is due to missing nonce validation in the birdseed plugin settings page function. The function processes the 'birdseed token' GET parameter and saves it to the database...

PT-2026-45888

Name of the Vulnerable Software and Affected Versions EmergencyWP – Dead Man's switch & legacy deliverance versions prior to 1.4.3 Description The plugin is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the form settings ui function. This allows...

PT-2026-45709

The Remove meta boxes per user role plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.01. This is due to missing or incorrect nonce validation on the 'remove-meta-boxes-per-user-role' page. This makes it possible for unauthenticated attackers...

PT-2026-45712

The Tectite Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3. This is due to missing or incorrect nonce validation on the admin init function. This makes it possible for unauthenticated attackers to modify the plugin's settings,...

Exploit for CVE-2026-8732

CVE-2026-8732 — WP Maps Pro ≤ 6.1.0 ♡ Unauthenticated Privil...

CVE-2026-6075

The Media Library Assistant WordPress plugin is affected by a Cross-Site Request Forgery (CSRF) vulnerability up to version 3.35 due to missing nonce verification on bulk action handlers in the settings tab. This could allow an unauthenticated attacker to trick an administrator into performing bu...

CVE-2026-6075 Media Library Assistant <= 3.35 - Cross-Site Request Forgery via Bulk Action Form

The Media Library Assistant plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.35 This is due to missing nonce verification on the bulk action handlers in the settings tab handlers. This makes it possible for unauthenticated attackers to trick an...

CVE-2026-8732

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

EUVD-2026-33251

The WP Maps Pro plugin for WordPress is vulnerable to Privilege Escalation via Administrator Account Creation in all versions up to, and including, 6.1.0. This is due to the wpgmptempaccessajax AJAX action being registered with wpajaxnopriv and protected only by a nonce check using the...

EUVD-2026-33247

The Poll Maker – Versus Polls, Anonymous Polls, Image Polls plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to and including 6.3.7. This is due to insufficient access controls on the 'ayspollgetuserinformation' AJAX action, which serializes and returns the...