
55996 matches found

NVD
added 2025/12/12 4:15 a.m. | 5 views

CVE-2025-14158

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including th...

CVSS 4.3 | EPSS 0.00128
Exploits: 0 | References: 4

NVD
added 2025/12/12 4:15 a.m. | 3 views

CVE-2025-13408

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

CVSS 4.3 | EPSS 0.00145
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/12 3:21 a.m. | 2 views

CVE-2025-14391 Simple Theme Changer <= 1.0 - Cross-Site Request Forgery to Arbitrary Theme Switcher Configuration Update

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVSS 4.3 | AI score 5 | EPSS 0.00102
Exploits: 0 | References: 2

Cvelist
added 2025/12/12 3:21 a.m. | 22 views

CVE-2025-13366 Rabbit Hole <= 1.1 - Cross-Site Request Forgery to Settings Reset

The Rabbit Hole plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing or incorrect nonce validation on the plugin's reset functionality. This makes it possible for unauthenticated attackers to reset the plugin's settings...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

EUVD
added 2025/12/12 3:20 a.m. | 4 views

EUVD-2025-202965

The Upcoming for Calendly plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.4. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's Calendl...

CVSS 4.3 | AI score 4.9 | EPSS 0.00128
Exploits: 0 | References: 6

EUVD
added 2025/12/12 3:20 a.m. | 3 views

EUVD-2025-202968

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 4

Cvelist
added 2025/12/12 3:20 a.m. | 28 views

CVE-2025-13987 Purchase and Expense Manager <= 1.1.2 - Cross-Site Request Forgery to Arbitrary Purchase Record Deletion

The Purchase and Expense Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing nonce validation on the 'suppthandledeletion' function. This makes it possible for unauthenticated attackers to delete arbitrary...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

CVE
added 2025/12/12 3:20 a.m. | 11 views

CVE-2025-14161

CVE-2025-14161 affects the Truefy Embed WordPress plugin (pre-1.1.0). Root cause: missing nonce validation on the truefy_embed_options_update action, enabling CSRF by unauthenticated attackers to update plugin settings (including the API key) via forged requests that trick an admin. Impact per so...

CVSS 4.3 | AI score 5 | EPSS 0.00124
Exploits: 0 | References: 3

CVE
added 2025/12/12 3:20 a.m. | 20 views

CVE-2025-14165

CVE-2025-14165 refers to the Kirim.Email WooCommerce Integration plugin for WordPress, with a CSRF vulnerability affecting all versions up to 1.2.9. The root cause is missing nonce validation on the plugin’s settings page, enabling unauthenticated attackers to modify API credentials and integrati...

CVSS 4.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/12 3:20 a.m. | 3 views

CVE-2025-13363 IMAQ Core <= 1.2.1 - Cross-Site Request Forgery to URL Structure Update

The IMAQ Core plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.1. This is due to missing nonce validation on the URL structure settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's URL...

CVSS 4.3 | AI score 5 | EPSS 0.0014
Exploits: 0 | References: 3

Vulnrichment
added 2025/12/12 3:20 a.m. | 2 views

CVE-2025-14158 Coding Blocks <= 1.1.0 - Cross-Site Request Forgery to Settings Update

The Coding Blocks plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.0. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update plugin settings including th...

CVSS 4.3 | AI score 5 | EPSS 0.00128
Exploits: 0 | References: 4

Cvelist
added 2025/12/12 3:20 a.m. | 32 views

CVE-2025-13408 Foxtool All-in-One: Contact chat button, Custom login, Media optimize images <= 2.5.2 - Cross-Site Request Forgery to Google OAuth Connection

The Foxtool All-in-One: Contact chat button, Custom login, Media optimize images plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.2. This is due to missing or incorrect nonce validation on the foxtoollogingoogle function. This makes it...

CVSS 4.3 | EPSS 0.00145
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/12 12:0 a.m. | 5 views

PT-2025-50849

The Animated Pixel Marquee Creator plugin for WordPress is vulnerable to Cross-Site Request Forgery via the 'marquee' parameter in all versions up to, and including, 1.0.0. This is due to missing nonce validation on the marquee deletion function. This makes it possible for unauthenticated attacke...

CVSS 4.3 | AI score 5.5 | EPSS 0.00124
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/12 12:0 a.m. | 4 views

PT-2025-50897

The WP Fastest Cache plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.7.4 via the 'get server time ajax request' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to make web requests t...

CVSS 3.5 | AI score 5.8 | EPSS 0.00201
Exploits: 0 | References: 4

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

WordPress plugin Secure Copy Content Protection and Content Locking cross-site request forgery vulnerability

WordPress and the WordPress plugin are products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language, which provides the ability to host a personal blog site on a PHP and MySQL based...

CVSS 4.3 | AI score 6.1 | EPSS 0.00137
Exploits: 0 | References: 4

Positive Technologies
added 2025/12/12 12:0 a.m. | 6 views

PT-2025-50867

The Simple Theme Changer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.0. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to update the plugin's settings via a forged request granted...

CVSS 4.3 | AI score 5.4 | EPSS 0.00102
Exploits: 0 | References: 3

CNNVD
added 2025/12/12 12:0 a.m. | 3 views

WordPress plugin Construction Light security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...

CVSS 4.3 | AI score 6.6 | EPSS 0.00102
Exploits: 0 | References: 1

Patchstack
added 2025/12/11 9:34 p.m. | 5 views

WordPress Coding Blocks plugin <= 1.1.0 - Cross-Site Request Forgery to Settings Update vulnerability

Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin Coding Blocks versions <= 1.1.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00128
Exploits: 0 | References: 1 | Affected Software: 1

Patchstack
added 2025/12/11 8:56 p.m. | 6 views

WordPress Animated Pixel Marquee Creator plugin <= 1.0.0 - Cross-Site Request Forgery via 'marquee' Parameter vulnerability

Cross-Site Request Forgery via 'marquee' Parameter vulnerability discovered by ChamlaVic in WordPress Plugin Animated Pixel Marquee Creator versions <= 1.0.0...

CVSS 4.3 | AI score 6.8 | EPSS 0.00124
Exploits: 0 | References: 1 | Affected Software: 1

EUVD
added 2025/12/11 6:30 p.m. | 3 views

EUVD-2025-202701

A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page...

AI score 6.5 | EPSS 0.00171
Exploits: 1 | References: 3