55996 matches found
CVE-2025-14158
The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including th...
CVE-2025-13408
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...
CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update
The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...
CVE-2025-13366 Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset
The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...
EUVD-2025-202965
The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's Calendl...
EUVD-2025-202968
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-13987 Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion
The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...
CVE-2025-14161
CVE-2025-14161 affects the Truefy Embed WordPress plugin (pre-1.1.0). Root cause: missing nonce validation on the truefy_embed_options_update action, enabling CSRF by unauthenticated attackers to update plugin settings (including the API key) via forged requests that trick an admin. Impact per so...
CVE-2025-14165
CVE-2025-14165 refers to the Kirim.Email WooCommerce Integration plugin for WordPress, with a CSRF vulnerability affecting all versions up to 1.2.9. The root cause is missing nonce validation on the plugin’s settings page, enabling unauthenticated attackers to modify API credentials and integrati...
CVE-2025-13363 IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update
The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL...
CVE-2025-14158 Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update
The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including th...
CVE-2025-13408 Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection
The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...
PT-2025-50849
The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...
PT-2025-50897
The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get server time ajax request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests t...
WordPress plugin Secure Copy Content Protection and Content Locking 跨站请求伪造漏洞
WordPress and the WordPress plugin are products of the WordPress Foundation.WordPress is a blogging platform developed in the PHP language. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...
PT-2025-50867
The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...
WordPress plugin Construction Light 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress Coding Blocks plugin <= 1.1.0 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Coding Blocks versions = 1.1.0...
WordPress Animated Pixel Marquee Creator plugin <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter vulnerability
Cross-Site Request Forgery via 'marquee' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin Animated Pixel Marquee Creator versions = 1.0.0...
EUVD-2025-202701
A Cross-Site Request Forgery CSRF in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...