55996 matches found
CVE-2025-13970
OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...
EUVD-2025-203225
The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...
EUVD-2025-203235
The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...
CVE-2025-11970
The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...
Server-Side Request Forgery
calibreweb is vulnerable to Server-Side Request Forgery. The vulnerability is due to where the blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...
Server-Side Request Forgery (SSRF)
PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...
CVE-2025-14394
CVE-2025-14394 (Popover Windows, WordPress) is a CSRF vulnerability in Popover Windows plugin ≤ 1.2 caused by missing nonce verification. This allows unauthenticated attackers to update plugin settings by tricking an admin into performing an action (e.g., clicking a forged link). Connected source...
CVE-2025-11970
CVE-2025-11970 affects the WordPress plugin “Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated” up to version 1.0.9. The vulnerability is a Server-Side Request Forgery (SSRF) that can be triggered via the functions emplibot_call_webhoo...
CVE-2025-11970 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery
The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...
CVE-2025-11970 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery
The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...
CVE-2025-14354
The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...
CVE-2025-14161
The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefyembedoptionsupdate' settings update action. This makes it possible for unauthenticated attackers to update the...
WordPress Lucky Draw Contests plugin <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability
Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Lucky Draw Contests versions = 4.2...
CVE-2025-13970 OpenPLC_V3 Cross-Site Request Forgery
OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...
BIT-JENKINS-2025-67639
A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...
CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export
The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...
EUVD-2025-203050
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...
CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery
The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...
EUVD-2025-203002
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...
CVE-2025-58576
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...