Lucene search
K

55996 matches found

RedhatCVE
RedhatCVE
added 2025/12/14 12:57 a.m.6 views

CVE-2025-13970

OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

8CVSS7AI score0.00277EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203225

The Lucky Draw Contests plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.2. This is due to missing or incorrect nonce validation in misc-settings.php. This makes it possible for unauthenticated attackers to update plugin settings via a forge...

4.3CVSS4.9AI score0.00112EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/13 6:30 p.m.4 views

EUVD-2025-203235

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

4.4CVSS5.4AI score0.00158EPSS
Exploits0References3
NVD
NVD
added 2025/12/13 4:16 p.m.3 views

CVE-2025-11970

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

4.4CVSS0.00158EPSS
Exploits0References2
Veracode
Veracode
added 2025/12/13 7:15 a.m.9 views

Server-Side Request Forgery

calibreweb is vulnerable to Server-Side Request Forgery. The vulnerability is due to where the blacklist does not check for 0.0.0.0, which would result in a payload of 0.0.0.0 resolving to localhost...

9.8CVSS6.8AI score0.01284EPSS
Exploits1References4Affected Software1
Veracode
Veracode
added 2025/12/13 4:35 a.m.4 views

Server-Side Request Forgery (SSRF)

PowerJob is vulnerable to Server-Side Request Forgery SSRF. The vulnerability is due to insufficient validation of the targetIp and targetPort parameters in the checkConnectivity function of PingPongUtils, allowing attackers to trigger server-side network requests to arbitrary destinations...

9.8CVSS5.9AI score0.00311EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2025/12/13 4:31 a.m.13 views

CVE-2025-14394

CVE-2025-14394 (Popover Windows, WordPress) is a CSRF vulnerability in Popover Windows plugin ≤ 1.2 caused by missing nonce verification. This allows unauthenticated attackers to update plugin settings by tricking an admin into performing an action (e.g., clicking a forged link). Connected source...

4.3CVSS5AI score0.00102EPSS
Exploits0References2
CVE
CVE
added 2025/12/13 4:31 a.m.15 views

CVE-2025-11970

CVE-2025-11970 affects the WordPress plugin “Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated” up to version 1.0.9. The vulnerability is a Server-Side Request Forgery (SSRF) that can be triggered via the functions emplibot_call_webhoo...

4.4CVSS5.4AI score0.00158EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/13 4:31 a.m.1 views

CVE-2025-11970 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

4.4CVSS5.4AI score0.00158EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/13 4:31 a.m.28 views

CVE-2025-11970 Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated <= 1.0.9 - Authenticated (Admin+) Server-Side Request Forgery

The Emplibot – AI Content Writer with Keyword Research, Infographics, and Linking | SEO Optimized | Fully Automated plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.0.9 via the emplibotcallwebhookwitherror and emplibotprocesszipdata...

4.4CVSS0.00158EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.5 views

CVE-2025-14354

The Resource Library for Logged In Users plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing nonce validation on multiple administrative functions. This makes it possible for unauthenticated attackers to perform variou...

4.3CVSS5.8AI score0.00135EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/13 3:59 a.m.4 views

CVE-2025-14161

The Truefy Embed plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the 'truefyembedoptionsupdate' settings update action. This makes it possible for unauthenticated attackers to update the...

4.3CVSS5.4AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/12/13 1:23 a.m.9 views

WordPress Lucky Draw Contests plugin <= 4.2 - Cross-Site Request Forgery to Plugin Settings Update vulnerability

Cross-Site Request Forgery to Plugin Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Lucky Draw Contests versions = 4.2...

4.3CVSS6.8AI score0.00112EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2025/12/13 12:3 a.m.25 views

CVE-2025-13970 OpenPLC_V3 Cross-Site Request Forgery

OpenPLCV3 is vulnerable to a cross-site request forgery CSRF attack due to the absence of proper CSRF validation. This issue allows an unauthenticated attacker to trick a logged-in administrator into visiting a maliciously crafted link, potentially enabling unauthorized modification of PLC settin...

8CVSS0.00277EPSS
Exploits0References3
OSV
OSV
added 2025/12/12 11:23 a.m.5 views

BIT-JENKINS-2025-67639

A cross-site request forgery CSRF vulnerability in Jenkins 2.540 and earlier, LTS 2.528.2 and earlier allows attackers to trick users into logging in to the attacker's account...

3.5CVSS6.7AI score0.00154EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/12/12 11:15 a.m.28 views

CVE-2025-14159 Secure Copy Content Protection and Content Locking <= 4.9.2 - Cross-Site Request Forgery to Data Export

The Secure Copy Content Protection and Content Locking plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.2. This is due to missing nonce validation on the 'ayssccpresultsexportfile' AJAX action. This makes it possible for unauthenticated...

4.3CVSS0.00137EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 7:20 a.m.5 views

EUVD-2025-203050

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests to...

3.5CVSS5.4AI score0.00201EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/12 7:20 a.m.4 views

CVE-2025-10583 WP Fastest Cache Premium <= 1.7.4 - Missing Authorization to Authenticated (Subscriber+) Blind Server-Side Request Forgery

The WP Fastest Cache Premium plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'getservertimeajaxrequest' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web reques...

3.5CVSS5.8AI score0.00201EPSS
Exploits0References4
EUVD
EUVD
added 2025/12/12 6:31 a.m.5 views

EUVD-2025-203002

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

4.3CVSS4.8AI score0.00145EPSS
Exploits0References5
OSV
OSV
added 2025/12/12 5:16 a.m.4 views

CVE-2025-58576

Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...

5.1CVSS5.7AI score0.00114EPSS
Exploits0References2
Rows per page
Query Builder