55998 matches found
CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...
CVE-2025-12373 Torod – The smart shipping and delivery portal for e-shops and retailers <= 1.9 - Cross-Site Request Forgery To Plugin's Settings Modification
The Torod – The smart shipping and delivery portal for e-shops and retailers plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.9. This is due to missing or incorrect nonce validation on the savesettings function. This makes it possible for...
CVE-2025-12373
CVE-2025-12373 : Torod WordPress plugin (≤1.9) is vulnerable to Cross-Site Request Forgery due to missing/incorrect nonce validation in the save_settings function, allowing unauthenticated attackers to trick an admin into altering plugin settings via forged requests.
CVE-2025-12128 Hide Categories Or Products On Shop Page <= 1.0.7 - Cross-Site Request Forgery to Settings Update
The Hide Categories Or Products On Shop Page plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.7. This is due to missing or incorrect nonce validation on the savedatahcps function. This makes it possible for unauthenticated attackers to...
EUVD-2025-201368
The Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.10.1321. This is due to missing or incorrect nonce validation on the uploadImage function...
EUVD-2025-201375
The Time Sheets plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.1.3. This is due to missing or incorrect nonce validation on several endpoints. This makes it possible for unauthenticated attackers to perform a variety of actions via a forge...
CVE-2025-10055
CVE-2025-10055 concerns the Time Sheets plugin for WordPress. The vulnerability is a Cross-Site Request Forgery (CSRF) in all versions up to 2.1.3 caused by missing or incorrect nonce validation on several endpoints. This could allow unauthenticated attackers to cause administrators to perform ac...
CVE-2025-13621 dream gallery <= 1.0 - Cross-Site Request Forgery to Stored Cross-Site Scripting via 'dreampluginsmain' AJAX Action
The dream gallery plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0. This is due to missing or incorrect nonce validation on the 'dreampluginsmain' AJAX action. This makes it possible for unauthenticated attackers to update the plugin's...
EUVD-2025-201385
The ContentStudio plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.7. This is due to missing or insufficient nonce validation on the addcstusettings function. This makes it possible for unauthenticated attackers to modify plugin settings v...
CVE-2025-13362
The Norby AI plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.0.3. This is due to missing nonce validation on the settings update functionality. This makes it possible for unauthenticated attackers to update the plugin's settings and inject...
CVE-2025-11759
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...
CVE-2025-11759
CVE-2025-11759 affects the WordPress plugin “Backup, Restore and Migrate your sites with XCloner” (versions up to and including 4.8.2). The issue is a Cross-Site Request Forgery (CSRF) due to missing/incorrect nonce validation in the Xcloner_Remote_Storage:save() function, enabling unauthenticate...
CVE-2025-11759 Backup, Restore and Migrate your sites with XCloner <= 4.8.2 - Cross-Site Request Forgery in Xcloner_Remote_Storage:save()
The Backup, Restore and Migrate your sites with XCloner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.8.2. This is due to missing or incorrect nonce validation on the XclonerRemoteStorage:save function. This makes it possible for...
HedgeDoc 跨站请求伪造漏洞
HedgeDoc is a Javascript-based real-time editing and sharing platform for Markdown documents from the HedgeDoc team. A cross-site request forgery vulnerability exists in HedgeDoc versions prior to 1.10.4, which stems from a lack of CSRF protection in the OAuth2 endpoint and could lead to cross-si...
WordPress plugin Time Sheets 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A cross-site request...
PT-2025-49232
The ARK Related Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in version 2.19. This is due to missing or incorrect nonce validation on the ark rp options page function. This makes it possible for unauthenticated attackers to modify the plugin's configuration settings via ...
UBUNTU-CVE-2025-59775
NTLM Leakage on Windows through UNC SSRF...
WordPress User Generator and Importer plugin <= 1.2.2 - Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability
Cross-Site Request Forgery to Privilege Escalation via Arbitrary Administrator Account Creation vulnerability discovered by Ivan Cese in WordPress Plugin User Generator and Importer versions = 1.2.2...
WordPress ARK Related Posts plugin <= 2.19 - Cross-Site Request Forgery to Settings Update vulnerability
Cross-Site Request Forgery to Settings Update vulnerability discovered by Muhammad Nur Ibnu Hubab Ibnu - Pondok Teknologi in WordPress Plugin ARK Related Posts versions = 2.19...
Server-side Request Forgery (SSRF)
Overview open-webui is an Open WebUI Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the /api/v1/retrieval/process/web endpoint . An attacker can access internal network resources, cloud metadata endpoints, and sensitive information by submitting crafted...