17 matches found
EUVD-2026-22870
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...
CVE-2026-3995
The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...
CVE-2026-3995
CVE-2026-3995 concerns the OPEN-BRAIN WordPress plugin (versions up to 0.5.0). The vulnerability arises in the API Key settings field, where insufficient input sanitization and output escaping allow an authenticated Administrator to inject stored cross-site scripting payloads. Specifically, sanit...
CVE-2026-3995
The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...
CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting
The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...
CVE-2026-3995 OPEN-BRAIN <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting
The OPEN-BRAIN plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'API Key' settings field in all versions up to, and including, 0.5.0. This is due to insufficient input sanitization and output escaping. The plugin uses sanitizetextfield which strips HTML tags but does not...
WordPress OPEN-BRAIN plugin <= 0.5.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'API Key' Setting vulnerability
Authenticated Administrator+ Stored Cross-Site Scripting via 'API Key' Setting vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions = 0.5.0...
PT-2026-33279
Name of the Vulnerable Software and Affected Versions OPEN-BRAIN plugin for WordPress versions prior to 0.5.1 Description Stored Cross-Site Scripting occurs via the 'API Key' settings field due to insufficient input sanitization and output escaping. The plugin utilizes the sanitize text field...
WordPress plugin OPEN-BRAIN 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2026-4091
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...
CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...
CVE-2026-4091
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...
CVE-2026-4091
The CVE concerns the WordPress OPEN-BRAIN plugin
CVE-2026-4091 OPEN-BRAIN <= 0.5.0 - Cross-Site Request Forgery
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the funcpagemain function. This makes it possible for unauthenticated attackers to inject malicious web...
WordPress OPEN-BRAIN plugin <= 0.5.0 - Cross-Site Request Forgery vulnerability
Cross-Site Request Forgery vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin OPEN-BRAIN versions = 0.5.0...
WordPress plugin OPEN-BRAIN 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-33027
The OPEN-BRAIN plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.5.0. This is due to missing nonce verification on the settings form in the func page main function. This makes it possible for unauthenticated attackers to inject malicious web...