
55998 matches found

RedhatCVE
added 2025/12/06 5:54 a.m. | 3 views

CVE-2025-13621

The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...

CVSS 6.1 | AI score 5.4 | EPSS 0.00119
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/06 5:54 a.m. | 3 views

CVE-2025-12128

The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | AI score 5.1 | EPSS 0.00102
Exploits: 0 | References: 1

RedhatCVE
added 2025/12/06 2:53 a.m. | 22 views

CVE-2025-11759

The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...

CVSS 4.3 | AI score 5.3 | EPSS 0.00102
Exploits: 0 | References: 1

EUVD
added 2025/12/06 12:31 a.m. | 4 views

EUVD-2025-201505

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVSS 5.8 | AI score 6.4 | EPSS 0.00223
Exploits: 0 | References: 6

Patchstack
added 2025/12/06 12:7 a.m. | 5 views

WordPress WP Landing Page plugin <= 0.9.3 - Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability

Cross-Site Request Forgery to Arbitrary Post Meta Update vulnerability discovered by Ivan Cese in WordPress Plugin WP Landing Page versions <= 0.9.3...

CVSS 4.3 | AI score 6.6 | EPSS 0.00126
Exploits: 0 | References: 1 | Affected Software: 1

Positive Technologies
added 2025/12/06 12:0 a.m. | 4 views

PT-2025-49343

The WP Landing Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.3. This is due to missing nonce validation on the 'wplp api update text' function. This makes it possible for unauthenticated attackers to update arbitrary post meta via ...

CVSS 4.3 | AI score 5.4 | EPSS 0.00126
Exploits: 0 | References: 4

NVD
added 2025/12/05 11:15 p.m. | 3 views

CVE-2025-14116

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVSS 5.8 | EPSS 0.00223
Exploits: 0 | References: 5

OSV
added 2025/12/05 11:15 p.m. | 2 views

CVE-2025-14116

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument healthurl results in server-side request forgery. The attack can be initiated remotely. The explo...

CVSS 5.1 | AI score 5.1
Exploits: 0 | References: 5

RedhatCVE
added 2025/12/05 2:27 p.m. | 4 views

CVE-2024-45538

Cross-Site Request Forgery (CSRF) vulnerability in WebAPI Framework in Synology DiskStation Manager (DSM) before 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller (DSMUC) before 3.1.4-23079 allows remote attackers to execute arbitrary code via unspecified vectors...

CVSS 9.6 | AI score 8 | EPSS 0.00301
Exploits: 0 | References: 1

EUVD
added 2025/12/05 12:30 p.m. | 7 views

EUVD-2025-201394

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

CVSS 7.5 | AI score 6.4 | EPSS 0.00771
Exploits: 0 | References: 3

OSV
added 2025/12/05 11:15 a.m. | 3 views

DEBIAN-CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

CVSS 7.5 | AI score 5.5 | EPSS 0.00771
Exploits: 0 | References: 1

CVE
added 2025/12/05 10:17 a.m. | 701 views

CVE-2025-59775

CVE-2025-59775 : SSRF in Apache HTTP Server on Windows when AllowEncodedSlashes On and MergeSlashes Off can leak NTLM hashes to a malicious server. Affected: Apache HTTP Server (Windows). Root cause: SSRF via UNC/NTLM-related handling as described in multiple security bulletins. Remediation: upgr...

CVSS 7.5 | AI score 6.5 | EPSS 0.00771
Exploits: 0 | References: 2 | Affected Software: 1

AlpineLinux
added 2025/12/05 10:17 a.m. | 5 views

CVE-2025-59775

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

CVSS 7.5 | AI score 7 | EPSS 0.00771
Exploits: 0

Cvelist
added 2025/12/05 10:17 a.m. | 65 views

CVE-2025-59775 Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content. Users are recommended to upgrade to version 2.4.66, which fixes...

EPSS 0.00771
Exploits: 0 | References: 1

Cvelist
added 2025/12/05 9:27 a.m. | 24 views

CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVSS 8.8 | EPSS 0.00154
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/05 9:27 a.m. | 2 views

CVE-2025-12879 User Generator and Importer <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation

The User Generator and Importer plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to and including 1.2.2. This is due to missing nonce validation in the "Import Using CSV File" function. This makes it possible for unauthenticated attackers to elevate user privileges ...

CVSS 8.8 | AI score 5.3 | EPSS 0.00154
Exploits: 0 | References: 2

CVE
added 2025/12/05 9:27 a.m. | 14 views

CVE-2025-12879

CVE-2025-12879 : WordPress plugin “User Generator and Importer” (

CVSS 8.8 | AI score 5.3 | EPSS 0.00154
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/05 7:26 a.m. | 1 views

CVE-2025-12130 WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors <= 2.6.4 - Cross-Site Request Forgery to Vendor Product Deletion

The WC Vendors – WooCommerce Multivendor, WooCommerce Marketplace, Product Vendors plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.4. This is due to missing or incorrect nonce validation on the /vendordashboard/product/delete/ endpoint...

CVSS 4.3 | AI score 4.9 | EPSS 0.00102
Exploits: 0 | References: 2

NVD
added 2025/12/05 6:16 a.m. | 4 views

CVE-2025-12190

The Image Optimizer by wps.sk plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.2.0. This is due to missing or incorrect nonce validation on the imagopbyajaxoptimizegallery function. This makes it possible for unauthenticated attackers to...

CVSS 4.3 | EPSS 0.00124
Exploits: 0 | References: 3

OSV
added 2025/12/05 6:16 a.m. | 5 views

CVE-2025-12189

The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage function...

CVSS 8.8 | AI score 6.4 | EPSS 0.00268
Exploits: 2 | References: 4